From c9fa28e6267568baa6fa726b890da163b7167e37 Mon Sep 17 00:00:00 2001
From: Mario Zechner <badlogicgames@gmail.com>
Date: Sat, 31 Jan 2026 23:48:22 +0100
Subject: [PATCH] fix: override fast-xml-parser to 5.3.4 to resolve CVE

---
 package-lock.json | 6 +++---
 package.json      | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 31392147..7c3d65f3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5467,9 +5467,9 @@
 			"license": "BSD-3-Clause"
 		},
 		"node_modules/fast-xml-parser": {
-			"version": "5.2.5",
-			"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz",
-			"integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==",
+			"version": "5.3.4",
+			"resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.4.tgz",
+			"integrity": "sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA==",
 			"funding": [
 				{
 					"type": "github",
diff --git a/package.json b/package.json
index 713f0ed6..8aed2df9 100644
--- a/package.json
+++ b/package.json
@@ -45,5 +45,8 @@
 		"@mariozechner/jiti": "^2.6.5",
 		"@mariozechner/pi-coding-agent": "^0.30.2",
 		"get-east-asian-width": "^1.4.0"
+	},
+	"overrides": {
+		"fast-xml-parser": "5.3.4"
 	}
 }