chore(deps): bump fast-xml-parser and @aws-sdk/client-s3

[dependabot]

Bumps fast-xml-parser and @aws-sdk/client-s3. These dependencies needed to be updated together.
Updates fast-xml-parser from 4.0.11 to 5.2.5

Release notes

Sourced from fast-xml-parser's releases.

upgrade to ESM module and fixing value parsing issues

• Support ESM modules
• fix value parsing issues
• a feature to access tag location is added (metadata)
• fix to read DOCTYPE correctly

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md

Summary update on all the previous releases from v4.2.4

• Multiple minor fixes provided in the validator and parser
• v6 is added for experimental use.
• ignoreAttributes support function, and array of string or regex
• Add support for parsing HTML numeric entities
• v5 of the application is ESM module now. However, JS is also supported

Note: Release section in not updated frequently. Please check CHANGELOG or Tags for latest release information.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

5.3.2 / 2025-11-14

• fix for import statement for v6

5.3.1 / 2025-11-03

• Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

• Use Uint8Array in place of Buffer in Parser

5.2.5 / 2025-06-08

• Inform user to use fxp-cli instead of in-built CLI feature
• Export typings for direct use

5.2.4 / 2025-06-06

• fix (#747): fix EMPTY and ANY with ELEMENT in DOCTYPE

5.2.3 / 2025-05-11

• fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE

5.2.2 / 2025-05-05

• fix (#746): update strnum to fix parsing issues related to enotations

5.2.1 / 2025-04-22

• fix: read DOCTYPE entity value correctly
• read DOCTYPE NOTATION, ELEMENT exp but not using read values

5.2.0 / 2025-04-03

• feat: support metadata on nodes (#593) (By Steven R. Loomis)

5.1.0 / 2025-04-02

• feat: declare package as side-effect free (#738) (By Thomas Bouffard)
• fix cjs build mode
• fix builder return type to string

5.0.9 / 2025-03-14

• fix: support numeric entities with values over 0xFFFF (#726) (By Marc Durdin)
• fix: update strnum to fix parsing 0 if skiplike option is used

5.0.8 / 2025-02-27

• fix parsing 0 if skiplike option is used.
  • updating strnum dependency

5.0.7 / 2025-02-25

• fix (#724) typings for cjs.

5.0.6 / 2025-02-20

... (truncated)

Commits

• 7e74b4f deprecate in-built CLI
• 8be4bd5 fix doctype
• 9fc3524 export types in fxp.d.ts for better module usability (#744)
• 5bcf183 fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE
• 619b504 update strfix (#746): update strnum to fix parsing issues related to enotations
• 62365df update docs and package info
• 0c0b367 feat: read DOCTYPE ELEMENT exp
• 38d0234 refactored code of DOCTYPE
• 7c6cba4 feat read DOCTYPE NOTATION exp
• 7589705 fix: DOCTYPE entity value should be read correctly
• Additional commits viewable in compare view

Updates @aws-sdk/client-s3 from 3.226.0 to 3.937.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.937.0

3.937.0(2025-11-20)

Chores

• api record update (#7514) (8109474f)

Documentation Changes

• client-kinesis: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the existing limit of 20 consumers for Enhanced Fan-out. (dc1ec575)

New Features

• clients: update client endpoints as of 2025-11-20 (a15a5b22)
• client-dsql: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response, returning the VPC connection endpoint for the cluster (9fe2380d)
• client-bedrock-data-automation: Added support for Synchronous project type and PII Detection and Redaction (fe8bca9f)
• client-budgets: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views. (bdce2a67)
• client-s3: Enable / Disable ABAC on a general purpose bucket. (9816b260)
• client-networkmanager: This release adds support for Cloud WAN Routing Policy providing customers sophisticated routing controls to better manage their global networks (14daa70a)
• client-redshift-data: Increasing the length limit of Statement Name from 500 to 2048. (3091e42a)
• client-elastic-load-balancing-v2: This release adds the target optimizer feature in ALB, enabling strict concurrency enforcement on targets. (3da0b3fc)
• client-lakeformation: Added ServiceIntegrations as a request parameter for CreateLakeFormationIdentityCenterConfigurationRequest and UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for DescribeLakeFormationIdentityCenterConfigurationResponse (7615a8bc)
• client-braket: Add support for Braket spending limits. (13f6f508)
• client-sagemaker: Added training plan support for inference endpoints. Added HyperPod task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName. (859f793a)
• client-ec2: This release adds support for multiple features including: VPC Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume Integration with Recycle Bin (6fdcb506)
• client-cloudtrail: AWS launches CloudTrail aggregated events to simplify monitoring of data events at scale. This feature delivers both granular and summarized data events for resources like S3/Lambda, helping security teams identify patterns without custom aggregation logic. (d7c651c8)
• client-emr: Add support for configuring S3 destination for step logs on a per-step basis. (b24d79f6)
• client-datasync: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource Name) fields. (8a6adcf7)
• client-connect: Add optional ability to exclude users from send notification actions for Contact Lens Rules. (15d923a3)
• client-ecs: Launching Amazon ECS Express Mode - a new feature that enables developers to quickly launch highly available, scalable containerized applications with a single command. (f77f87ba)
• client-quicksight: Introducing comprehensive theme styling controls. New features include border customization (radius, width, color), flexible padding controls, background styling for cards and sheets, centralized typography management, and visual-level override support across layouts. (cd0d876d)
• client-rbin: Add support for EBS volume in Recycle Bin (7fdeb129)
• client-auto-scaling: This release adds support for three new features: 1) Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management. (fff870ea)
• client-imagebuilder: EC2 Image Builder now enables the distribution of existing AMIs, retry distribution, and define distribution workflows. It also supports automatic versioning for recipes and components, allowing automatic version increments and dynamic referencing in pipelines. (0d2985c2)
• client-bedrock-agentcore: Bedrock AgentCore Memory release for redriving memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob) (e5cc06e3)
• client-rds: Add support for VPC Encryption Controls. (e91f3548)
• client-cloudfront: This release adds support for bring your own IP (BYOIP) to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field. (aa047c72)
• client-bedrock-data-automation-runtime: Bedrock Data Automation Runtime Sync API (f14c750f)
• client-license-manager: Added cross-account resource aggregation via license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account resource discovery in commercial regions. (54276060)
• client-glue: Added FunctionType parameter to Glue GetuserDefinedFunctions. (db36a145)
• client-securityhub: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for 1-year of historical data analysis of Findings and Resources. (82511def)
• client-application-signals: Amazon CloudWatch Application Signals now supports un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps teams monitor and troubleshoot their large-scale distributed applications. (0da48ba7)
• client-database-migration-service: Added support for customer-managed KMS key (CMK) for encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL integrations with data warehouses. (7edb9744)
• client-device-farm: Add support for environment variables and an IAM execution role. (3476f4df)
• client-organizations: Added new APIs for Billing Transfer, new policy type INSPECTOR_POLICY, and allow an account to transfer between organizations (674519a3)

---

For list of updated packages, view updated-packages.md in assets-3.937.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.937.0 (2025-11-20)

Features

• client-s3: Enable / Disable ABAC on a general purpose bucket. (9816b26)

3.936.0 (2025-11-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.935.0 (2025-11-19)

Features

• client-s3: Adds support for blocking SSE-C writes to general purpose buckets. (cee2e72)

3.934.0 (2025-11-18)

Note: Version bump only for package @​aws-sdk/client-s3

3.933.0 (2025-11-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.932.0 (2025-11-14)

Bug Fixes

... (truncated)

Commits

• 9981cbc Publish v3.937.0
• 9816b26 feat(client-s3): Enable / Disable ABAC on a general purpose bucket.
• a180cc7 Publish v3.936.0
• c31b14b Publish v3.935.0
• cee2e72 feat(client-s3): Adds support for blocking SSE-C writes to general purpose bu...
• ac2be51 chore(codegen): update for smithy/core serde fixes (#7511)
• 3b6a4d9 Publish v3.934.0
• 674fae6 Publish v3.933.0
• c28f46d Publish v3.932.0
• 6de803d fix(core/protocols): decorate service exceptions with unmodeled fields (#7504)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.