High CVE-2026-25128

[EinfachHans]

See: GHSA-37qj-frw5-hhjh

Please bump the dependency fast-xml-parser to at least 5.3.4

[a-stambultsian]

+1

[EinfachHans]

Update: Please bump it to 5.3.6:
GHSA-jmr7-xgp7-cmfj

[krnlde]

Docs even state that there should be no downwards compatibility issues, so it should be an easy bump:
https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md

5.0.0 / 2025-02-19

• ESM support
  • no change in the functionality, syntax, APIs, options, or documentation.

[robert-hebel-sb]

hi 👋
Security issues have been addressed in https://github.com/stoplightio/prism/releases/tag/v5.15.0