build(deps): bump fast-xml-parser from 4.3.5 to 4.5.4 in /packages/auth-compat/demo/functions by dependabot[bot] · Pull Request #9616 · firebase/firebase-js-sdk

dependabot · 2026-03-03T12:30:25Z

Bumps fast-xml-parser from 4.3.5 to 4.5.4.

Release notes

Sourced from fast-xml-parser's releases.

Summary update on all the previous releases from v4.2.4

Multiple minor fixes provided in the validator and parser

v6 is added for experimental use.

ignoreAttributes support function, and array of string or regex

Add support for parsing HTML numeric entities

v5 of the application is ESM module now. However, JS is also supported

Note: Release section in not updated frequently. Please check CHANGELOG or Tags for latest release information.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.4.2 / 2026-03-03

support maxEntityCount option

5.4.1 / 2026-02-25

fix (#785) unpairedTag node should not have tag content

5.4.0 / 2026-02-25

migrate to fast-xml-builder

5.3.9 / 2026-02-25

support strictReservedNames

5.3.8 / 2026-02-25

support maxNestedTags

handle non-array input for XML builder when preserveOrder is true (By Angelo Coetzee)

save use of js properies

5.3.7 / 2026-02-20

fix typings for CJS (By Corentin Girard)

5.3.6 / 2026-02-14

Improve security and performance of entity processing

new options maxEntitySize, maxExpansionDepth, maxTotalExpansions, maxExpandedLength, allowedTags,tagFilter

fast return when no edtity is present

improvement replacement logic to reduce number of calls

5.3.5 / 2026-02-08

fix: Escape regex char in entity name

update strnum to 2.1.2

add missing exports in CJS typings

5.3.4 / 2026-01-30

fix: handle HTML numeric and hex entities when out of range

5.3.3 / 2025-12-12

fix #775: transformTagName with allowBooleanAttributes adds an unnecessary attribute

5.3.2 / 2025-11-14

fix for import statement for v6

5.3.1 / 2025-11-03

... (truncated)

Commits

f8d4d42 update strnum to fix parsing issues of 0 when skiplike is used
ab00cdc update package bundle for minor fixes
57c6187 Update ReadMe
caeda37 fix: emit full JSON string from CLI when no output filename specified (#710)
eadeb7e fix(performance): Update check for leaf node in saveTextToParentTag function ...
682066c Update disclaimer
280cd63 Fix null CDATA to comply with undefined behavior (#701)
e132656 update release detail
74e2651 Fixes entity parsing when used in strict mode (#699)
4082902 Fix empty tag key name for v5 (#697)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.5 to 4.5.4. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.5...v4.5.4) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 4.5.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

changeset-bot · 2026-03-03T12:30:31Z

⚠️ No Changeset found

Latest commit: 6e9cf79

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

* build(deps): bump underscore in /packages/auth/demo/functions (#9617) Bumps [underscore](https://github.com/jashkenas/underscore) from 1.13.6 to 1.13.8. - [Commits](jashkenas/underscore@1.13.6...1.13.8) --- updated-dependencies: - dependency-name: underscore dependency-version: 1.13.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump fast-xml-parser (#9616) Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.5 to 4.5.4. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.5...v4.5.4) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 4.5.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump fast-xml-parser in /packages/auth/demo/functions (#9615) Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.5 to 4.5.4. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.5...v4.5.4) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 4.5.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump minimatch in /packages/auth-compat/demo (#9601) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.5. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.5) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump minimatch in /packages/rules-unit-testing/functions (#9595) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.4. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.1.2...v3.1.4) --- updated-dependencies: - dependency-name: minimatch dependency-version: 3.1.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update peter-evans/create-or-update-comment digest to e2426b4 (#9579) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * build(deps): bump minimatch in /packages/auth/demo/functions (#9592) Bumps [minimatch](https://github.com/isaacs/minimatch) from 5.1.6 to 5.1.7. - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v5.1.6...v5.1.7) --- updated-dependencies: - dependency-name: minimatch dependency-version: 5.1.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump axios from 1.7.9 to 1.13.5 (#9574) Bumps [axios](https://github.com/axios/axios) from 1.7.9 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.7.9...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump ajv in /packages/auth-compat/demo (#9585) Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.6 to 6.14.0. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.12.6...v6.14.0) --- updated-dependencies: - dependency-name: ajv dependency-version: 6.14.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump fast-xml-parser (#9607) Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.2 to 4.5.4. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](NaturalIntelligence/fast-xml-parser@v4.3.2...v4.5.4) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 4.5.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump basic-ftp from 5.0.5 to 5.2.0 (#9598) Bumps [basic-ftp](https://github.com/patrickjuchli/basic-ftp) from 5.0.5 to 5.2.0. - [Release notes](https://github.com/patrickjuchli/basic-ftp/releases) - [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md) - [Commits](patrickjuchli/basic-ftp@v5.0.5...v5.2.0) --- updated-dependencies: - dependency-name: basic-ftp dependency-version: 5.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump rollup in /packages/auth-compat/demo (#9599) Bumps [rollup](https://github.com/rollup/rollup) from 2.79.1 to 2.80.0. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md) - [Commits](rollup/rollup@v2.79.1...v2.80.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 2.80.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: Add a dependabot.yml to better configure its behavior (#9620) * firestore: improve documentation about CRUD promises and when they resolve (#8887) * fix: Workaround rollup terser-plugin's inconsistent property naming when using multiple entry points (#9622) * fix: Workaround rollup terser-plugin's inconsistent property naming when using multiple entrypoints * Create spotty-hornets-thank.md * Update rollup.config.lite.js Removed the `-[hash]` from the intermediate builds on the lite pipelines, both for consistency and to limit the amount of extraneous files created. * Bump firebase package dependency versions * OTEL Tracing Initial Commit * Tracing * Debugging * Cleanup * Local debug cleanup * Linter suggested fixes * Yarn format fix * More docgen and format updates * Fixes from yarn test * Yarn lint fixes * More yarn docgen:all fixes * Modify otlp exporter * Lint fixes * Removing unused dynamic header for now * Renaming * Removing node tracing for now * yarn format * Move tracing provider away from node * Updating otel dependencies * format * Updating otel dependencies * Remove fetch and user interaction libaries * Removing node tracing * format * Crashlytics tracing onboarding improvements (#9587) * modify tracing branch with different crashoption names * Updates so that folks can dev locally * Remove package bump * replace loggingUrl with endpointUrl * yarn format * Modify which tracing instrumentation we use * Attempt to remove dependency error triggered by document load library --------- Co-authored-by: Chris Chestnut <[email protected]> * Crash tracing rebase (#9600) * Refactor Github Action per b/485167538 (#9555) Co-authored-by: Ben Knutson <[email protected]> * build(deps): bump lodash in /packages/auth-compat/demo/functions (#9482) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump lodash in /packages/auth-compat/demo (#9464) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump lodash in /packages/rules-unit-testing/functions (#9463) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump lodash in /packages/auth/demo/functions (#9466) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update dependency webpack-dev-server to v5.2.1 [security] (#9078) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * chore(deps): update google-github-actions/auth digest to fc21748 (#8879) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#9465) Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.17.23 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Remove health metrics workflows (#9571) * feat(ai): Automatic function calling (#9489) * Updating otel dependencies * format * Updating otel dependencies * Remove fetch and user interaction libaries * Removing node tracing * format * Update angular example to modern standards (#9583) * chore(deps): update dependency @rollup/plugin-strip to v3 (#8745) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * fix(deps): update dependency @rollup/plugin-virtual to v3 (#8771) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * Use environment for wdr tokens (#9578) * use environment for wdr tokens * missed a file * fix(deps): update dependency @rushstack/node-core-library to v5 (#8816) * fix(deps): update dependency @rushstack/node-core-library to v5 * Fix method name --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Christina Holland <[email protected]> * Update logs endpoint w/ location (fixed to `global` for now) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Google Admin <[email protected]> Co-authored-by: Ben Knutson <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Christina Holland <[email protected]> Co-authored-by: Anit Das <[email protected]> Co-authored-by: Anthony Barone <[email protected]> Co-authored-by: Morgan Chen <[email protected]> * add code owners for crashlytics (#9707) * Revert "add code owners for crashlytics (#9707)" (#9711) This reverts commit e8ca524. * Merge latest changes from main into crashlytics (#9741) * Rebase crashlytics on top of main * Update crashlytics package.json's firebase dependency versions * Merge crashlytics into crashlytics-tracing (#9699) * Catch up PR (#9713) * adding xhr instrumentation (#9719) Co-authored-by: Chris Chestnut <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Christina Holland <[email protected]> Co-authored-by: Denver Coneybeare <[email protected]> Co-authored-by: Mark Duckworth <[email protected]> Co-authored-by: abrook <[email protected]> Co-authored-by: Anit Das <[email protected]> Co-authored-by: MaesterChestnut <[email protected]> Co-authored-by: Chris Chestnut <[email protected]> Co-authored-by: Google Admin <[email protected]> Co-authored-by: Ben Knutson <[email protected]> Co-authored-by: Anthony Barone <[email protected]> Co-authored-by: Morgan Chen <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 3, 2026

dependabot bot requested review from Xiaoshouzi-gh and lisajian as code owners March 3, 2026 12:30

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 3, 2026

dependabot bot requested review from pashanka and sam-gc as code owners March 3, 2026 12:30

dependabot bot added the javascript Pull requests that update Javascript code label Mar 3, 2026

dependabot bot requested review from a team, NhienLam and mansisampat as code owners March 3, 2026 12:30

dependabot bot mentioned this pull request Mar 3, 2026

build(deps): bump fast-xml-parser from 4.3.5 to 4.5.3 in /packages/auth-compat/demo/functions #9572

Closed

hsubox76 approved these changes Mar 4, 2026

View reviewed changes

hsubox76 merged commit 1b0b2ed into main Mar 4, 2026
30 of 31 checks passed

hsubox76 deleted the dependabot/npm_and_yarn/packages/auth-compat/demo/functions/fast-xml-parser-4.5.4 branch March 4, 2026 16:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump fast-xml-parser from 4.3.5 to 4.5.4 in /packages/auth-compat/demo/functions#9616

build(deps): bump fast-xml-parser from 4.3.5 to 4.5.4 in /packages/auth-compat/demo/functions#9616
hsubox76 merged 1 commit intomainfrom
dependabot/npm_and_yarn/packages/auth-compat/demo/functions/fast-xml-parser-4.5.4

dependabot bot commented on behalf of github Mar 3, 2026

Uh oh!

changeset-bot bot commented Mar 3, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 3, 2026

Summary update on all the previous releases from v4.2.4

Uh oh!

changeset-bot bot commented Mar 3, 2026

⚠️ No Changeset found

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant