Build(deps): Bump the npm-prod-minor group across 1 directory with 2 updates

[dependabot]

Bumps the npm-prod-minor group with 2 updates in the / directory: fast-xml-parser and yauzl.

Updates fast-xml-parser from 5.8.0 to 5.9.3

Release notes

Sourced from fast-xml-parser's releases.

v5.9.3

What's Changed

• Harden GitHub Actions workflows by @​martincostello in NaturalIntelligence/fast-xml-parser#841
• GitHub Actions workflow fixes by @​martincostello in NaturalIntelligence/fast-xml-parser#844

New Contributors

• @​martincostello made their first contribution in NaturalIntelligence/fast-xml-parser#841

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.2...v5.9.3

v5.9.2

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.1...v5.9.2

v5.9.1

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.9.0...v5.9.1

update strnum, use is-unsafe

• update strnum to 2.3.0
  • you can set hex, binary, enotation, infinity, unicode
• validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

*5.9.3 / 2026-06-19

• update strnum

*5.9.2 / 2026-06-17

• dummy release to test changes in github action

*5.9.1 / 2026-06-17

• dummy release to test release from github action

*5.9.0 / 2026-06-15

• update strnum to 2.3.0
  • you can set hex, binary, enotation, infinity, unicode
• validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.

*5.8.0 / 2026-05-12

• integrate xml-naming to validate DOCTYPE entity name and notation name (using qname becaue of backward compatibility)
  • This will consider xml-version as well. '1.0' is default
• update strnum to 2.3.0
  • You can set octal and binary parsing which is bydeault off
• update fast-xml-builder to 1.2.0
  • can sanitize tag names if found invalid
  • fix format output

5.7.3 / 2006-05-05

• fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
• fix stop node expression when ns prefix is removed (found by iruizsalinas)
• update XML Builder to 1.1.7
• mark addEntity deprecated

5.7.2 / 2026-04-25

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

• fix typo in CJS typing file

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change

... (truncated)

Commits

• 93a09f1 5.9.3
• 9c1905e update strnum
• 8d71292 GitHub Actions workflow fixes (#844)
• 784a044 Harden GitHub Actions workflows (#841)
• bf9b81a 5.9.2
• 232abf5 update publish action for better security
• 73411fa update checklist
• d57e33b 5.9.1
• 3be603a testing release from Github
• b6c41ea Add GitHub Actions workflow for npm publishing
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for fast-xml-parser since your current version.

Updates yauzl from 3.3.2 to 3.4.0

Commits

• f5798e1 version 3.4.0
• 632d650 add promises API (#171)
• 73b1ba5 CONTRIBUTING.md
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions