v5.10.0
- Bump actions/checkout from 6.0.3 to 7.0.0 by @dependabot[bot] in https://github.com/NaturalIntelligence/fast-xml-parser/pull/849
- Bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 by @dependabot[bot] in https://github.com/NaturalIntelligence/fast-xml-parser/pull/848
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.9.3...v5.10.0
v5.9.3
- Harden GitHub Actions workflows by @martincostello in https://github.com/NaturalIntelligence/fast-xml-parser/pull/841
- GitHub Actions workflow fixes by @martincostello in https://github.com/NaturalIntelligence/fast-xml-parser/pull/844
- @martincostello made their first contribution in https://github.com/NaturalIntelligence/fast-xml-parser/pull/841
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.9.2...v5.9.3
update strnum, use is-unsafe
- update strnum to 2.3.0
- you can set hex, binary, enotation, infinity, unicode
- validate unsafe HTML or XML data in doctype entities unsing 'is-unsafe' library. User can override rules by overriding EntityDecoder.
update strnum, FXB. Use xml-naming for DOCTYPE
- integrate xml-naming to validate DOCTYPE entity name and notation name (using qname because of backward compatibility)
- This will consider xml-version as well. '1.0' is default
- update strnum to 2.3.0
- You can set octal and binary parsing which is by deault off
- update fast-xml-builder to 1.2.0
- can sanitize tag names if found invalid
- fix format output
fix minor old bugs and update builder
- fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
- fix stop node expression when ns prefix is removed (found by iruizsalinas)
- update XML Builder to 1.1.7
- mark addEntity deprecated
backward compatibility for numerical external entity, fix #705, #817
- allow numerical external entity for backward compatibility
- fix #705: attributesGroupName working with preserveOrder
- fix #817: stackoverflow when tag expression is very long
upgrade @nodable/entities and FXB
- Use
@nodable/entitiesv2.1.0- breaking changes
- single entity scan. You're not allowed to use entity value to form another entity name.
- you cant add numeric external entity
- entity error message when expantion limit is crossed might change
- typings are updated for new options related to process entity
- please follow documentation of
@nodable/entitiesfor more detail. - performance
- if processEntities is false, then there should not be impact on performance.
- if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
- if processEntities is true, and you pass entity decoder separately
- if no entity then performance should be same as before
- if there are entities then performance should be increased from past versions
- ignoreAttributes is not required to be set to set xml version for NCR entity value
- breaking changes
- update 'fast-xml-builder' to sanitize malicious CDATA and comment's content
use @nodable/entities to replace entities
- No API change
- No change in performance for basic usage
- No typing change
- No config change
- new dependency
- breaking: error messages for entities might have been changed.
Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0