fix(deps): bump fast-xml-parser to 5.5.8 and refresh vulnerable transitive deps

[czubocha]

Summary

• Bump fast-xml-parser from 5.5.6 to 5.5.8 and @aws-sdk/xml-builder from 3.972.13 to 3.972.15 to resolve remaining XML parsing vulnerabilities
• Bump hono from 4.12.5 to 4.12.8 to pick up latest security and stability patches
• Refresh transitive dependencies (path-expression-matcher 1.1.3 → 1.2.0, strnum 2.2.1 → 2.2.2)

All changes are lockfile-only — no source code modifications.

Made with Cursor

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5f8e7741-030b-4b94-90b8-a903058b2317

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-vulns

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Mmarzex]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.