fix: override fast-xml-parser to 5.3.4 to resolve CVE

2026-04-15 05:02:07 +00:00 · 2026-01-31 23:48:22 +01:00 · 2026-01-31 23:48:22 +01:00 · c9fa28e626
commit c9fa28e626
parent 0ece01b51e
2 changed files with 6 additions and 3 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -5467,9 +5467,9 @@
 			"license": "BSD-3-Clause"
 		},
 		"node_modules/fast-xml-parser": {
-			"version": "5.2.5",
-			"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz",
-			"integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==",
+			"version": "5.3.4",
+			"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.4.tgz",
+			"integrity": "sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA==",
 			"funding": [
 				{
 					"type": "github",
--- a/package.json
+++ b/package.json
@ -45,5 +45,8 @@
 		"@mariozechner/jiti": "^2.6.5",
 		"@mariozechner/pi-coding-agent": "^0.30.2",
 		"get-east-asian-width": "^1.4.0"
+	},
+	"overrides": {
+		"fast-xml-parser": "5.3.4"
 	}
 }