From f6fba910bfc0abe82d231ed60e05483d92664c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Ad=C3=A1mek?= Date: Mon, 2 Feb 2026 10:20:26 +0100 Subject: [PATCH] fix: resolve fast-xml-parser security vulnerability Add npm override for fast-xml-parser to version 5.3.4 to fix high-severity vulnerability (GHSA-37qj-frw5-hhjh). Override is required because openapi-sampler specifies ^4.5.0 which doesn't include the 5.x fix. Co-Authored-By: Claude Opus 4.5 --- package-lock.json | 8 ++++---- package.json | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 46e641c35e..6e4e408768 100644 --- a/package-lock.json +++ b/package-lock.json @@ -65,7 +65,7 @@ }, "apify-docs-theme": { "name": "@apify/docs-theme", - "version": "1.0.230", + "version": "1.0.231", "license": "ISC", "dependencies": { "@apify/docs-search-modal": "^1.3.3", @@ -20290,9 +20290,9 @@ "license": "MIT" }, "node_modules/lodash-es": { - "version": "4.17.22", - "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.22.tgz", - "integrity": "sha512-XEawp1t0gxSi9x01glktRZ5HDy0HXqrM0x5pXQM98EaI0NxO6jVM7omDOxsuEo5UIASAnm2bRp1Jt/e0a2XU8Q==", + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz", + "integrity": "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==", "license": "MIT" }, "node_modules/lodash.debounce": { diff --git a/package.json b/package.json index ef94d495d2..3f32faed34 100644 --- a/package.json +++ b/package.json @@ -116,6 +116,7 @@ "overrides": { "openapi-to-postmanv2": { "js-yaml": "4.1.1" - } + }, + "fast-xml-parser": "5.3.4" } }