fast-xml-parser CVE-2026-27942 #2617
Description
Describe the bug
OpenAPI core depends on a vulnerable version of fast-xml-parser:
Transitive dependency fast-xml-parser 5.3.6 is introduced via
@redocly/cli 2.20.0 ... fast-xml-parser 5.3.6
fast-xml-parser
Affected versions: < 5.3.8
Patched version: 5.3.8
To Reproduce
Expected behavior
Logs
OpenAPI description
Redocly version(s)
Node.js version(s)
OS, environment
Additional context