Bump fast-xml-parser and @google-cloud/storage

[dependabot]

Bumps fast-xml-parser and @google-cloud/storage. These dependencies needed to be updated together.
Updates fast-xml-parser from 4.3.3 to 5.7.3

Release notes

Sourced from fast-xml-parser's releases.

fix minor old bugs and update builder

• fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
• fix stop node expression when ns prefix is removed (found by iruizsalinas)
• update XML Builder to 1.1.7
• mark addEntity deprecated

backward compatibility for numerical external entity, fix #705, #817

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

upgrade @​nodable/entities and FXB

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to use entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

use @​nodable/entities to replace entities

• No API change
• No change in performance for basic usage
• No typing change
• No config change
• new dependency
• breaking: error messages for entities might have been changed.

Full Changelog: NaturalIntelligence/fast-xml-parser@v5.5.12...v5.6.0

performance improvment, increase entity expansion default limit

• increase default entity explansion limit as many projects demand for that

maxEntitySize: 10000,
maxExpansionDepth: 10000,
maxTotalExpansions: Infinity,
maxExpandedLength: 100000,
maxEntityCount: 1000,

• performance improvement
  • reduce calls to toString
  • early return when entities are not present

... (truncated)

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

Note: Due to some last quick changes on v4, detail of v4.5.3 & v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion

5.7.3 / 2006-05-05

• fix: alwaysCreateTextNode should create text node when attributes are present for self closing node
• fix stop node expression when ns prefix is removed (found by iruizsalinas)
• update XML Builder to 1.1.7
• mark addEntity deprecated

5.7.2 / 2026-04-25

• allow numerical external entity for backward compatibility
• fix #705: attributesGroupName working with preserveOrder
• fix #817: stackoverflow when tag expression is very long

5.7.1 / 2026-04-20

• fix typo in CJS typing file

5.7.0 / 2026-04-17

• Use @nodable/entities v2.1.0
  • breaking changes
    • single entity scan. You're not allowed to user entity value to form another entity name.
    • you cant add numeric external entity
    • entity error message when expantion limit is crossed might change
  • typings are updated for new options related to process entity
  • please follow documentation of @nodable/entities for more detail.
  • performance
    • if processEntities is false, then there should not be impact on performance.
    • if processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%
    • if processEntities is true, and you pass entity decoder separately
      • if no entity then performance should be same as before
      • if there are entities then performance should be increased from past versions
  • ignoreAttributes is not required to be set to set xml version for NCR entity value
• update 'fast-xml-builder' to sanitize malicious CDATA and comment's content

5.6.0 / 2026-04-15

• fix: entity replacement for numeric entities
• use @​nodable/entities to replace entities
  • this may change some error messages related to entities expansion limit or inavlid use
  • post check would be exposed in future version

5.5.12 / 2026-04-13

• Performance Improvement: update path-expression-matcher
  • use proxy pattern than Proxy class

5.5.11 / 2026-04-08

• Performance Improvement
  • integrate ExpressionSet for stopNodes

... (truncated)

Commits

• d6d8042 update to release
• d263370 remove dev dependency 'he'
• f9c9a2c update builder to 1.1.7
• b65da87 update changelog and mark addEntity deprecated
• c2ca631 update fxb
• da75191 fix stop node expression when ns prefix is removed
• 31bbc99 fix: alwaysCreateTextNode should create text node when attributes are present...
• dab327a remove unnecessary
• ab04eeb update docs
• 383cb3f Revise security information for v6 release
• Additional commits viewable in compare view

Updates @google-cloud/storage from 7.7.0 to 7.19.0

Release notes

Sourced from @​google-cloud/storage's releases.

v7.19.0

7.19.0 (2026-02-05)

Features

• Enable full object checksum validation on JSON path (#2687) (08a8962)

Bug Fixes

• deps: Update dependency fast-xml-parser to v5 [security] (#2713) (420935a)

v7.18.0

7.18.0 (2025-11-28)

Features

• listBuckets: Add support for returning partial success (#2678) (c7004da)

v7.17.3

7.17.3 (2025-11-03)

Bug Fixes

• 🐛 fix the issue 2667, do not mutate object given to options … (#2668) (8a9f259)
• Revert implement path containment to prevent traversal attacks (254b6b2)

v7.17.2

7.17.2 (2025-10-06)

Bug Fixes

• Common Service: should retry a request failed (#2652) (b38b5d2)
• Implement path containment to prevent traversal attacks (#2654) (08d7abf)

v7.17.1

7.17.1 (2025-08-27)

Bug Fixes

• Respect useAuthWithCustomEndpoint flag for resumable uploads (#2637) (707b4f2)

v7.17.0

7.17.0 (2025-08-18)

... (truncated)

Changelog

Sourced from @​google-cloud/storage's changelog.

7.19.0 (2026-02-05)

Features

• Enable full object checksum validation on JSON path (#2687) (08a8962)

Bug Fixes

• deps: Update dependency fast-xml-parser to v5 [security] (#2713) (420935a)

7.18.0 (2025-11-28)

Features

• listBuckets: Add support for returning partial success (#2678) (c7004da)

7.17.3 (2025-11-03)

Bug Fixes

• 🐛 fix the issue 2667, do not mutate object given to options … (#2668) (8a9f259)
• Revert implement path containment to prevent traversal attacks (254b6b2)

7.17.2 (2025-10-06)

Bug Fixes

• Common Service: should retry a request failed (#2652) (b38b5d2)
• Implement path containment to prevent traversal attacks (#2654) (08d7abf)

7.17.1 (2025-08-27)

Bug Fixes

• Respect useAuthWithCustomEndpoint flag for resumable uploads (#2637) (707b4f2)

7.17.0 (2025-08-18)

Features

• Add CSEK to download (#2604) (cacc0be)

... (truncated)

Commits

• 95a2af4 chore(main): release 7.19.0 (#2694)
• 420935a fix(deps): update dependency fast-xml-parser to v5 [security] (#2713)
• 4e3c328 test: skip system tests requiring public access (#2717)
• 3052265 chore: fix lint failures (#2685)
• 08a8962 feat: Enable full object checksum validation on JSON path (#2687)
• 3dcda1b chore: lint failures (#2681)
• 3e5210f chore(main): release 7.18.0 (#2684)
• c7004da feat(listBuckets): Add support for returning partial success (#2678)
• 633a13a chore(python): remove configure_previous_major_version_branches (#2675)
• bae7040 samples: Add Soft Delete policy and object management samples (#2676)
• Additional commits viewable in compare view