Sourced from fast-xml-parser's releases.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

v4

• Generating different combined, parser only, builder only, validator only browser bundles
• Keeping cjs modules as they can be imported in cjs and esm modules both. Otherwise refer esm branch.

4.0.0-beta.8 / 2021-12-13

• call tagValueProcessor for stop nodes

4.0.0-beta.7 / 2021-12-09

• fix Validator bug when an attribute has no value but '=' only
• XML Builder should suppress unpaired tags by default.
• documents update for missing features
• refactoring to use Object.assign
• refactoring to remove repeated code

4.0.0-beta.6 / 2021-12-05

• Support PI Tags processing
• Support suppressBooleanAttributes by XML Builder for attributes with value true.

4.0.0-beta.5 / 2021-12-04

• fix: when a tag with name "attributes"

4.0.0-beta.4 / 2021-12-02

• Support HTML document parsing
• skip stop nodes parsing when building the XML from JS object
• Support external entites without DOCTYPE
• update dev dependency: strnum v1.0.5 to fix long number issue

4.0.0-beta.3 / 2021-11-30

• support global stopNodes expression like "*.stop"
• support self-closing and paired unpaired tags
• fix: CDATA should not be parsed.
• Fix typings for XMLBuilder (#396)(By Anders Emil Salvesen)
• supports XML entities, HTML entities, DOCTYPE entities

⚠️ 4.0.0-beta.2 / 2021-11-19

• rename attrMap to attibutes in parser output when preserveOrder:true
• supports unpairedTags

⚠️ 4.0.0-beta.1 / 2021-11-18

• Parser returns an array now
  • to make the structure common
  • and to return root level detail
• renamed cdataTagName to cdataPropName
• Added commentPropName
• fix typings

⚠️ 4.0.0-beta.0 / 2021-11-16

... (truncated)

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

4.2.7 / 2023-07-30

• Fix: builder should set text node correctly when only textnode is present (#589) (By qianqing)
• Fix: Fix for null and undefined attributes when building xml (#585) (#598). A null or undefined value should be ignored. (By Eugenio Ceschia)

4.2.6 / 2023-07-17

• Fix: Remove trailing slash from jPath for self-closing tags (#595) (By Maciej Radzikowski)

4.2.5 / 2023-06-22

• change code implementation

4.2.4 / 2023-06-06

• fix security bug

4.2.3 / 2023-06-05

• fix security bug

4.2.2 / 2023-04-18

• fix #562: fix unpaired tag when it comes in last of a nested tag. Also throw error when unpaired tag is used as closing tag

4.2.1 / 2023-04-18

• fix: jpath after unpaired tags

4.2.0 / 2023-04-09

• support updateTag parser property

4.1.4 / 2023-04-08

• update typings to let user create XMLBuilder instance without options (#556) (By Patrick)
• fix: IsArray option isn't parsing tags with 0 as value correctly #490 (#557) (By Aleksandr Murashkin)
• feature: support oneListGroup to group repeated children tags udder single group

4.1.3 / 2023-02-26

• fix #546: Support complex entity value

4.1.2 / 2023-02-12

• Security Fix

4.1.1 / 2023-02-03

• Fix #540: ignoreAttributes breaks unpairedTags
• Refactor XML builder code

4.1.0 / 2023-02-02

• Fix '' in DTD comment throwing an error. (#533) (By Adam Baker)
• Set "eNotation" to 'true' as default

4.0.15 / 2023-01-25

• make "eNotation" optional

4.0.14 / 2023-01-22

... (truncated)

• 3c9e9fe update package detail
• d7ac4cc update changelog
• ed14c75 Add test for last fix for builder
• df7008f Fix for null and undefined attributes when building xml (#585) (#598)
• a04cd1e Only set textNodeName, build xml is error (#589)
• edb30dd update package
• 2f2f787 Remove trailing slash from jPath for self-closing tags (#595)
• 643816d update package details
• cc73065 Remove unused code (#587)
• 9a880b8 Merge pull request from GHSA-gpv5-7x3g-ghjv
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)