Skip to content

Fix fast-xml-parser vulnerability by bumping aws dependencies#390

Merged
liamness merged 1 commit intomainfrom
ld/fix-fast-xml-parser-vulnerability
Feb 18, 2026
Merged

Fix fast-xml-parser vulnerability by bumping aws dependencies#390
liamness merged 1 commit intomainfrom
ld/fix-fast-xml-parser-vulnerability

Conversation

@liamness
Copy link
Contributor

@liamness liamness commented Feb 12, 2026
edited
Loading

What does this change?

Responding to dependabot alert: https://github.com/guardian/pinboard/security/dependabot/188

This bumps all of the following to3.990.0

  • @aws-sdk/client-appsync
  • @aws-sdk/client-auto-scaling
  • @aws-sdk/client-dynamodb
  • @aws-sdk/client-ec2
  • @aws-sdk/client-lambda
  • @aws-sdk/client-s3
  • @aws-sdk/client-rds
  • @aws-sdk/client-ses
  • @aws-sdk/client-ssm
  • @aws-sdk/client-sts
  • @aws-sdk/credential-providers
  • @aws-sdk/lib-dynamodb

How has this change been tested?

Going to deploy to CODE and do a general smoke test. Think the trickiest thing to check will be email notifications?

Have deployed and all seems well in composer. Also checked email notifications, which seem to work just fine too:

image

How can we measure success?

Have we considered potential risks?

Images

Accessibility

@liamness liamness requested a review from twrichards as a code owner February 12, 2026 17:57
@liamness liamness added the maintenance Departmental tracking: maintenance work, not a fix or a feature label Feb 12, 2026
@liamness liamness requested a review from a team as a code owner February 12, 2026 17:57
@liamness liamness marked this pull request as draft February 13, 2026 09:12
@liamness liamness force-pushed the ld/fix-fast-xml-parser-vulnerability branch 2 times, most recently from 1861da3 to c7745af Compare February 16, 2026 10:36
@liamness liamness force-pushed the ld/fix-fast-xml-parser-vulnerability branch from c7745af to da4ac8e Compare February 16, 2026 10:39
@github-actions
Copy link

github-actions bot commented Feb 16, 2026

Deploy build 3307 of Editorial Tools::PinBoard to CODE

All deployment options

From guardian/actions-riff-raff.

@liamness liamness self-assigned this Feb 16, 2026
@liamness liamness marked this pull request as ready for review February 16, 2026 14:34
@liamness liamness merged commit a5baee5 into main Feb 18, 2026
8 checks passed
@liamness liamness deleted the ld/fix-fast-xml-parser-vulnerability branch February 18, 2026 14:40
@gu-prout
Copy link

gu-prout bot commented Feb 18, 2026

Seen on PROD (merged by @liamness 3 minutes and 16 seconds ago) Please check your changes!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dblatcher dblatcher dblatcher approved these changes

@twrichards twrichards Awaiting requested review from twrichards twrichards is a code owner

Assignees

@liamness liamness

@SHession SHession

Labels

maintenance Departmental tracking: maintenance work, not a fix or a feature Seen-on-PROD

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@liamness @dblatcher @SHession