Closed dependabot[bot] closed 9 months ago
The following labels could not be found: npm dependencies.
Updates transitive dependency fast-xml-parser. This change validates entity names which are used to search and replace xml content. Previously, these names were unsanitized and unescaped.
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw
Bumps fast-xml-parser to 4.2.5 and updates ancestor dependency @aws-sdk/client-rum. These dependencies need to be updated together.
Updates fast-xml-parser from 4.2.4 to 4.2.5
Changelog
Sourced from fast-xml-parser's changelog.
... (truncated)
Commits
- 643816d update package details
- cc73065 Remove unused code (#587)
- 9a880b8 Merge pull request from GHSA-gpv5-7x3g-ghjv
Updates @aws-sdk/client-rum from 3.350.0 to 3.363.0
Release notes
Sourced from @aws-sdk/client-rum's releases.
... (truncated)
Changelog
Sourced from @aws-sdk/client-rum's changelog.
... (truncated)
Commits
- 0bda238 Publish v3.363.0
- d036e2e feat(clients): use migrated @smithy packages (#4873)
- 4b3856a Publish v3.362.0
- e5d52be Publish v3.360.0
- e5d4fa8 Publish v3.359.0
- e5bc64e Publish v3.358.0
- d10238a Publish v3.357.0
- 60ec921 feat(clients): automatic blob type conversions (#4836)
- 3bad043 Publish v3.354.0
- b8e893c Publish v3.353.0
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws-observability/aws-rum-web/network/alerts).