chore: update fast-xml-parser js package to ^5.3.9#2316
chore: update fast-xml-parser js package to ^5.3.9#2316
Conversation
|
Closes by #2313 |
There was a problem hiding this comment.
Pull request overview
Updates the tests/wp-e2e-playwright dependency override for fast-xml-parser to address the linked Dependabot security alert, and refreshes the lockfile accordingly.
Changes:
- Bump
fast-xml-parseroverride intests/wp-e2e-playwright/package.jsonto^5.3.9. - Update
tests/wp-e2e-playwright/package-lock.jsonto resolvefast-xml-parserto5.4.2and include its new dependencyfast-xml-builder.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/wp-e2e-playwright/package.json | Updates the overrides entry for fast-xml-parser. |
| tests/wp-e2e-playwright/package-lock.json | Reflects the new resolved fast-xml-parser version and adds fast-xml-builder. |
Files not reviewed (1)
- tests/wp-e2e-playwright/package-lock.json: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "webpack-dev-server": "5.2.1", | ||
| "minimatch": "10.2.1", | ||
| "fast-xml-parser": "5.3.7", | ||
| "fast-xml-parser": "^5.3.9", |
There was a problem hiding this comment.
In this package's overrides block, all other overrides are pinned to exact versions, but fast-xml-parser is now a caret range (^5.3.9). This can cause the override target to drift on future installs and makes the lockfile version (currently 5.4.2) harder to reason about. Consider pinning fast-xml-parser to a specific version (e.g., the resolved 5.4.2, or at least an exact 5.3.9) to keep overrides deterministic and consistent with the rest of this file.
| "fast-xml-parser": "^5.3.9", | |
| "fast-xml-parser": "5.4.2", |
This PR updates
fast-xml-parserjs package to^5.3.9Resolves https://github.com/rtCamp/rtMedia/security/dependabot/123