Skip to content

Update lockfiles to remediate fast-xml-builder Dependabot alerts#214

Merged
jayhill merged 1 commit into
mainfrom
copilot/address-dependabot-alerts-fast-xml-builder
May 9, 2026
Merged

Update lockfiles to remediate fast-xml-builder Dependabot alerts#214
jayhill merged 1 commit into
mainfrom
copilot/address-dependabot-alerts-fast-xml-builder

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 9, 2026

The open Dependabot alerts were caused by transitive resolutions of fast-xml-builder at 1.1.4, which is within the vulnerable range. This updates the affected lockfiles so installs resolve a patched release without changing top-level package manifests.

  • Scope

    • Updated the committed npm lockfiles in:
      • frontend/package-lock.json
      • serverless/package-lock.json

  • Dependency resolution

    • Moved transitive fast-xml-builder resolution from 1.1.4 to 1.2.0
    • Pulled in the corresponding transitive updates required by that resolution:
      • path-expression-matcher1.5.0
      • xml-naming0.1.0

  • Impact

    • Clears the fast-xml-builder alert path while keeping the change limited to dependency resolution data already captured in lockfiles
    • Leaves direct dependency declarations unchanged
"node_modules/fast-xml-builder": {
  "version": "1.2.0",
  "resolved": "https://registry.npmjs.org/fast-xml-builder/-/fast-xml-builder-1.2.0.tgz"
}

@jayhill jayhill marked this pull request as ready for review May 9, 2026 16:15
@jayhill jayhill merged commit 61ec934 into main May 9, 2026
8 checks passed
@jayhill jayhill deleted the copilot/address-dependabot-alerts-fast-xml-builder branch May 9, 2026 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jayhill jayhill

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jayhill