Fix Dependabot security vulnerabilities in fast-xml-parser and protobuf #9199
Draft
- Add pnpm override for fast-xml-parser to force version 5.3.4
- Update protobuf from 5.29.3 to 6.33.5 in requirements/common.txt
- Update pnpm-lock.yaml with new fast-xml-parser version

Co-authored-by: Archaeopteryx <216576+Archaeopteryx@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix failed CI tasks for commit 3c0953e" to "Fix Dependabot security vulnerabilities in fast-xml-parser and protobuf" on Feb 2, 2026
Two Dependabot security update workflows failed for commit 3c0953e due to major version incompatibilities preventing automatic updates.
Changes
- fast-xml-parser: Override transitive dependency (redoc → openapi-sampler → fast-xml-parser) to force v5.3.4 via pnpm overrides
- protobuf: Bump Python dependency from 5.29.3 to 6.33.5 in requirements/common.txt with updated hashes
Technical Details
The fast-xml-parser update required a pnpm override since the vulnerable version was a transitive dependency multiple levels deep. Direct update of openapi-sampler was not feasible as it's pinned by redoc.
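A check a reviewer could run against the result of this change, added here as an example and not code from the PR: it confirms that pnpm-lock.yaml resolves the overridden package to the pinned version only. It assumes the override is an exact version declared under `pnpm.overrides` in package.json; the function names, the sample lockfile text and the `0.0.0` placeholder version are constructed.

```javascript
// Added example, not code from the PR. All sample text below is constructed.
const SAMPLE_PKG = JSON.stringify({
  pnpm: { overrides: { 'fast-xml-parser': '5.3.4' } }, // assumed location of the override
});
const SAMPLE_LOCK = [
  "lockfileVersion: '9.0'",
  'overrides:',
  '  fast-xml-parser: 5.3.4',
  'packages:',
  '  fast-xml-parser@5.3.4:',
  '    resolution: {integrity: sha512-CONSTRUCTED}',
  '  openapi-sampler@0.0.0:', // placeholder version, not taken from the page
  '    resolution: {integrity: sha512-CONSTRUCTED}',
  'snapshots:',
  '  fast-xml-parser@5.3.4: {}',
  '  openapi-sampler@0.0.0:',
  '    dependencies:',
  '      fast-xml-parser: 5.3.4',
].join('\n');

// Collect every version of `name` that appears as a package key in pnpm-lock.yaml text.
// Handles "/name/1.2.3:", "/name@1.2.3:" and "name@1.2.3:" keys, quoted or not, and
// stops before a peer-dependency suffix such as "(react@18.0.0)".
function resolvedVersions(lockText, name) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp(`^ +['"]?/?${esc}[@/](\\d+\\.\\d+\\.\\d+[^:('"\\s]*)`, 'gm');
  const found = new Set();
  for (const m of lockText.matchAll(re)) found.add(m[1]);
  return [...found].sort();
}

// ok only if an override exists and the lockfile resolves `name` to that version alone.
function checkOverride(pkgJsonText, lockText, name) {
  const pinned = JSON.parse(pkgJsonText)?.pnpm?.overrides?.[name] ?? null;
  const versions = resolvedVersions(lockText, name);
  const stray = versions.filter((v) => v !== pinned);
  const ok = pinned !== null && versions.length > 0 && stray.length === 0;
  return { pinned, versions, stray, ok };
}

console.log(checkOverride(SAMPLE_PKG, SAMPLE_LOCK, 'fast-xml-parser'));
```

A non-empty `stray` list means the lockfile was not regenerated after the override was added, or the override did not apply to some dependency path.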