Skip to content

Comments

Force upgrade fast-xml-parser package to >= 5.3.5#7870

Merged
kubermatic-bot merged 1 commit intokubermatic:mainfrom
ahmadhamzh:force-upgrade-fast-xml-parser-package
Feb 23, 2026
Merged

Force upgrade fast-xml-parser package to >= 5.3.5#7870
kubermatic-bot merged 1 commit intokubermatic:mainfrom
ahmadhamzh:force-upgrade-fast-xml-parser-package

Conversation

@ahmadhamzh
Copy link
Contributor

@ahmadhamzh ahmadhamzh commented Feb 22, 2026
edited by KhizerRehan
Loading

What this PR does / why we need it:
This PR addresses a security vulnerability in the fast-xml-parser package by adding a package override to force the use of a patched version.

Which issue(s) this PR fixes:
Ref:

What type of PR is this?
/kind bug
/kind chore

Does this PR introduce a user-facing change? Then add your Release Note here:

NONE

Documentation:

NONE

@kubermatic-bot kubermatic-bot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. docs/none Denotes a PR that doesn't need documentation (changes). kind/chore Updating grunt tasks etc; no production code changes. do-not-merge/code-freeze Indicates that a PR should not merge because it has not been approved for code freeze yet. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 22, 2026
@Waseem826 Waseem826 added the code-freeze-approved Indicates a PR has been approved by release managers during code freeze. label Feb 23, 2026
@kubermatic-bot kubermatic-bot removed the do-not-merge/code-freeze Indicates that a PR should not merge because it has not been approved for code freeze yet. label Feb 23, 2026
@ahmadhamzh ahmadhamzh force-pushed the force-upgrade-fast-xml-parser-package branch 2 times, most recently from 1cfd64c to 7d2abb7 Compare February 23, 2026 09:35
@ahmadhamzh ahmadhamzh force-pushed the force-upgrade-fast-xml-parser-package branch from 7d2abb7 to 39f529b Compare February 23, 2026 12:29
@kubermatic-bot kubermatic-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 23, 2026
@KhizerRehan
Copy link
Contributor

KhizerRehan commented Feb 23, 2026
edited
Loading

/approve

@kubermatic-bot
Copy link
Contributor

kubermatic-bot commented Feb 23, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: KhizerRehan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubermatic-bot kubermatic-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 23, 2026
@KhizerRehan
Copy link
Contributor

KhizerRehan commented Feb 23, 2026

/lgtm

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Feb 23, 2026
@kubermatic-bot
Copy link
Contributor

kubermatic-bot commented Feb 23, 2026

LGTM label has been added.

DetailsGit tree hash: c1fc52796438d7f2a0900b675a5b8a40174b401c

@KhizerRehan
Copy link
Contributor

KhizerRehan commented Feb 23, 2026

/test pre-dashboard-web-integration-tests-ce

@kubermatic-triage-bot
Copy link

kubermatic-triage-bot commented Feb 23, 2026

/retest
This bot automatically retries jobs that failed/flaked on approved PRs

Review the full test history

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@kubermatic-bot kubermatic-bot merged commit 5b4e28e into kubermatic:main Feb 23, 2026
10 checks passed
@kubermatic-bot kubermatic-bot added this to the KKP 2.30 milestone Feb 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@KhizerRehan KhizerRehan

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. code-freeze-approved Indicates a PR has been approved by release managers during code freeze. dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. docs/none Denotes a PR that doesn't need documentation (changes). kind/bug Categorizes issue or PR as related to a bug. kind/chore Updating grunt tasks etc; no production code changes. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

KKP 2.30

Development

Successfully merging this pull request may close these issues.

5 participants

@ahmadhamzh @KhizerRehan @kubermatic-bot @kubermatic-triage-bot @Waseem826