Skip to content

Add Socket patch for CVE-2026-25896 in pkg:npm/fast-xml-parser@4.2.5#46

Open
socket-security[bot] wants to merge 2 commits into
mainfrom
socket/autopatch-1778696251795-34fef5f6
Open

Add Socket patch for CVE-2026-25896 in pkg:npm/fast-xml-parser@4.2.5#46
socket-security[bot] wants to merge 2 commits into
mainfrom
socket/autopatch-1778696251795-34fef5f6

Conversation

@socket-security
Copy link
Copy Markdown

@socket-security socket-security Bot commented May 13, 2026

Summary

This PR updates Socket security patches for your dependencies.

Changes

  • Added: CVE-2026-25896 in pkg:npm/fast-xml-parser@4.2.5 (Socket Patch)
    • Severity: CRITICAL
    • Summary: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names

📦 Package.json Updates

This PR automatically configures your postinstall script to apply Socket patches:

  • Updated: 1 file
    • package.json

After merging, patches will automatically apply on npm install.

Testing

Review the patches and test your application to ensure compatibility.

🔒 Powered by Socket Security

socket-security Bot added 2 commits May 13, 2026 18:17
@socket-security
Add Socket patch for CVE-2026-25896 in pkg:npm/fast-xml-parser@4.2.5
5901ca8 
Updates:
- 2 blob(s) added
- 0 blob(s) removed
- Manifest updated
@socket-security
Setup Socket patches
a03b587 
Configures package.json postinstall scripts to automatically apply Socket security patches.
Copilot AI review requested due to automatic review settings May 13, 2026 18:17
Copilot AI reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@zuplo zuplo Bot temporarily deployed to Preview - Developer Portal May 13, 2026 18:18 Destroyed
@zuplo
Copy link
Copy Markdown

zuplo Bot commented May 13, 2026
edited
Loading

The latest build updates on your Zuplo project. Learn more about Zuplo for GitHub ↗︎

Name Status Preview Updated (UTC)
Developer Portal ⏭️ Skipped (Inspect) Visit Preview May 13, 2026, 06:19 PM
API Gateway ✅ Ready (Inspect) Visit Preview May 13, 2026, 06:19 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant