Bump fast-xml-parser from 4.5.6 to 5.7.1 in /react_native/trimblemaps-mobile-sdk-demo-reactnative/react_native/RNMapsSampleApp in the npm_and_yarn group across 1 directory

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /react_native/trimblemaps-mobile-sdk-demo-reactnative/react_native/RNMapsSampleApp directory: fast-xml-parser.

Updates fast-xml-parser from 4.5.6 to 5.7.1

Release notes

Sourced from fast-xml-parser's releases.

upgrade @​nodable/entities and FXB

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to use entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

• No API change
• No change in performance for basic usage
• No typing change
• No config change
• new dependency
• breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.9...v5.5.10

fix typins and matcher instance in callbacks

combine typings file to avoid configuration changes pass readonly instance of matcher to the call backs to avoid accidental push/pop call

fix bugs of entity parsing and value parsing

fix: entity expansion limits update strnum package to 2.2.0

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.1 / 2026-04-20

• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

• fix: entity replacement for numeric entities
• use @​nodable/entities to replace entities
  • this may change some error messages related to entities expansion limit or inavlid use
  • post check would be exposed in future version

5.5.12 / 2026-04-13

• Performance Improvement: update path-expression-matcher
  • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

• Performance Improvement
  • integrate ExpressionSet for stopNodes

5.5.10 / 2026-04-03

• increase default entity explansion limit as many projects demand for that
• performance improvement
  • reduce calls to toString
  • early return when entities are not present
  • prepare rawAttrsForMatcher only if user sets jPath: false

5.5.9 / 2026-03-23

• combine typing files

... (truncated)

Commits

• 0f08303 fix typo
• f529642 update to release v5.7.0
• 52a8583 Revert "improve performance of attributes reading"
• 8d187f9 update builder
• e174168 improve performance of attributes reading
• 79a8dde update docs
• f5cd5a5 set xml version to decoder even if attributes are ignored
• f44b923 remove unwanted tests
• 869ec8b Use @​nodable/entities v2.1.0
• 7cb49e5 update release detail
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Medium Risk
Dependency-only update, but it introduces a major fast-xml-parser upgrade and bumps @react-native-community/cli to v20 with a higher Node engine requirement, which may break installs/tooling in older Node environments.

Overview
Updates RNMapsSampleApp’s npm dependencies by upgrading fast-xml-parser from 4.5.6 to 5.7.1, pulling in new transitive packages (e.g., @nodable/entities, fast-xml-builder, path-expression-matcher) and updated versions of related libs.

Also bumps @react-native-community/cli from 19.1.2 to 20.1.3 (and its subpackages), including updated transitive deps like body-parser/pretty-format and a newer Node engine requirement for the CLI in package-lock.json.

^{Reviewed by Cursor Bugbot for commit 64c1874. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 64c1874. Configure here.}

[cursor]

Node engine requirement mismatch after CLI major bump

High Severity

The project's engines field declares "node": ">=16", but bumping @react-native-community/cli from 19.1.2 to 20.1.3 introduces a dependency that requires "node": ">=20.19.4". Anyone running Node 16, 18, or even Node 20 below 20.19.4 would hit failures despite the project claiming compatibility. The engines field needs updating to match the new minimum, or the CLI major version bump needs to be reconsidered — this was a v19→v20 major bump pulled in alongside the fast-xml-parser update.

Additional Locations (1)

• react_native/trimblemaps-mobile-sdk-demo-reactnative/react_native/RNMapsSampleApp/package.json#L44-L45

 

^{Reviewed by Cursor Bugbot for commit 64c1874. Configure here.}

[cursor]

CLI v20 incompatible with project's React Native 0.80

High Severity

@react-native-community/cli was bumped from 19.1.2 to 20.1.3, but the project uses react-native@0.80.2. Per the official compatibility table, CLI v19 is for React Native 0.80.x while CLI v20 is for React Native 0.81+. This version mismatch can cause build failures, broken CLI commands, or subtle runtime issues since the CLI version is designed for a newer React Native release than what this project uses.

 

^{Reviewed by Cursor Bugbot for commit 64c1874. Configure here.}