Bump fast-xml-parser and @aws-sdk/client-sts in /lib/aws-sdk/build

[dependabot]

Bumps fast-xml-parser to 5.2.5 and updates ancestor dependency @aws-sdk/client-sts. These dependencies need to be updated together.

Updates fast-xml-parser from 4.0.11 to 5.2.5

Release notes

Sourced from fast-xml-parser's releases.

upgrade to ESM module and fixing value parsing issues

• Support ESM modules
• fix value parsing issues
• a feature to access tag location is added (metadata)
• fix to read DOCTYPE correctly

Full Changelog: https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md

Summary update on all the previous releases from v4.2.4

• Multiple minor fixes provided in the validator and parser
• v6 is added for experimental use.
• ignoreAttributes support function, and array of string or regex
• Add support for parsing HTML numeric entities
• v5 of the application is ESM module now. However, JS is also supported

Note: Release section in not updated frequently. Please check CHANGELOG or Tags for latest release information.

Security Fix

Update to this release if you use entity parsing in Fast XML Parser.

Changelog

Sourced from fast-xml-parser's changelog.

Note: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.

5.3.1 / 2025-11-03

• Performance improvement for stopNodes (By Maciek Lamberski)

5.3.0 / 2025-10-03

• Use Uint8Array in place of Buffer in Parser

5.2.5 / 2025-06-08

• Inform user to use fxp-cli instead of in-built CLI feature
• Export typings for direct use

5.2.4 / 2025-06-06

• fix (#747): fix EMPTY and ANY with ELEMENT in DOCTYPE

5.2.3 / 2025-05-11

• fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE

5.2.2 / 2025-05-05

• fix (#746): update strnum to fix parsing issues related to enotations

5.2.1 / 2025-04-22

• fix: read DOCTYPE entity value correctly
• read DOCTYPE NOTATION, ELEMENT exp but not using read values

5.2.0 / 2025-04-03

• feat: support metadata on nodes (#593) (By Steven R. Loomis)

5.1.0 / 2025-04-02

• feat: declare package as side-effect free (#738) (By Thomas Bouffard)
• fix cjs build mode
• fix builder return type to string

5.0.9 / 2025-03-14

• fix: support numeric entities with values over 0xFFFF (#726) (By Marc Durdin)
• fix: update strnum to fix parsing 0 if skiplike option is used

5.0.8 / 2025-02-27

• fix parsing 0 if skiplike option is used.
  • updating strnum dependency

5.0.7 / 2025-02-25

• fix (#724) typings for cjs.

5.0.6 / 2025-02-20

• fix cli output (By Angel Delgado)
  • remove multiple JSON parsing

... (truncated)

Commits

• 7e74b4f deprecate in-built CLI
• 8be4bd5 fix doctype
• 9fc3524 export types in fxp.d.ts for better module usability (#744)
• 5bcf183 fix (#747): support EMPTY and ANY with ELEMENT in DOCTYPE
• 619b504 update strfix (#746): update strnum to fix parsing issues related to enotations
• 62365df update docs and package info
• 0c0b367 feat: read DOCTYPE ELEMENT exp
• 38d0234 refactored code of DOCTYPE
• 7c6cba4 feat read DOCTYPE NOTATION exp
• 7589705 fix: DOCTYPE entity value should be read correctly
• Additional commits viewable in compare view

Updates @aws-sdk/client-sts from 3.209.0 to 3.926.0

Release notes

Sourced from @​aws-sdk/client-sts's releases.

v3.926.0

3.926.0(2025-11-06)

Chores

• core/protocols: make error lookup in runtime protocol consistent with existing codegen (#7478) (64e9c616)

New Features

• clients: update client endpoints as of 2025-11-06 (4d3f1528)
• client-connect: Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations. (45c43b47)
• client-gamelift: Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system. (e38ba819)
• client-sagemaker: Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC. (382a2ff3)
• client-s3vectors: Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity. (cb2626e6)
• client-accessanalyzer: New field totalActiveErrors added to getFindingsStatistics response. (595167c7)
• client-s3tables: Adds support for tagging APIs for S3 Tables (4c268176)
• client-ec2: Add Amazon EC2 R8a instance types (7cb13679)
• client-identitystore: IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy. (28d85047)
• client-quicksight: Support for New Data Prep Experience (02e87fe9)
• client-ssm: Provides NoLongerSupportedException error message (70be2a35)
• client-backup: AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards. (b83f5f99)

---

For list of updated packages, view updated-packages.md in assets-3.926.0.zip

v3.925.0

3.925.0(2025-11-05)

Chores

• codegen:
  • bump codegen version to 0.37.0 (#7476) (db3e4c47)
  • upgrade smithy to 1.63.0 (#7474) (beb698c7)
• deps: bump smithy package versions (#7475) (4a796b6c)

New Features

• client-sagemaker: Add new fields in SageMaker Hyperpod DescribeCluster API response: TargetStateCount, SoftwareUpdateStatus and ActiveSoftwareDeploymentConfig to provide AMI update progress visibility . (a29341a5)
• client-datazone: Added support for Project Resource Tags (64852ec8)
• client-s3: Launch IPv6 dual-stack support for S3 Express (a6a3e298)
• client-cloudfront: This release adds new and updated API operations. You can now use the IpAddressType field to specify either ipv4 or dualstack for your Anycast static IP list. You can also enable cross-account resource sharing to share your VPC origins with other AWS accounts (75c3cef3)
• client-groundstation: Introduce CreateDataflowEndpointGroupV2 action (67ac8eb6)
• client-ec2: This release adds AvailabilityZoneId support for DescribeFastSnapshotRestores, DisableFastSnapshotRestores, and EnableFastSnapshotRestores APIs. (68aae5bd)
• client-fsx: Amazon FSx now enables secure management of Active Directory credentials through AWS Secrets Manager integration. Customers can use Secret ARNs instead of direct credentials when joining resources to Active Directory domains. (4e481ba5)

---

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sts's changelog.

3.926.0 (2025-11-06)

Note: Version bump only for package @​aws-sdk/client-sts

3.925.0 (2025-11-05)

Note: Version bump only for package @​aws-sdk/client-sts

3.922.0 (2025-10-31)

Bug Fixes

• middleware-user-agent: allow hash in userAgentAppId and propagate to inner clients (#7469) (03d94d1)

3.921.0 (2025-10-30)

Features

• client-sts: Update endpoint ruleset parameters casing (d28da8b)

3.920.0 (2025-10-29)

Bug Fixes

• credential-providers: use modified region resolver for inner STS clients (#7456) (4960a92)

3.919.0 (2025-10-28)

... (truncated)

Commits

• 065860a Publish v3.926.0
• b554e95 Publish v3.925.0
• 4a796b6 chore(deps): bump smithy package versions (#7475)
• ed7ac2a Publish v3.922.0
• 03d94d1 fix(middleware-user-agent): allow hash in userAgentAppId and propagate to inn...
• e8b9fd8 Publish v3.921.0
• d28da8b feat(client-sts): Update endpoint ruleset parameters casing
• da06f0e chore(codegen): sync for waiter and proxy fixes (#7467)
• 1d4bdbf Publish v3.920.0
• 4960a92 fix(credential-providers): use modified region resolver for inner STS clients...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.