🔒️ Bump fast-xml-parser to 5.3.6 due to CVE-2026-26278

🔒️ Bump fast-xml-parser to 5.3.6 due to CVE-2026-26278 #1714