chore: bump up fast-xml-parser version to v4.4.1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fast-xml-parser	4.4.0 -> 4.4.1

GitHub Vulnerability Alerts

CVE-2024-41818

Summary

A ReDOS exists on currency.js was discovered by Gauss Security Labs R&D team.

Details

https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10
contains a vulnerable regex

PoC

pass the following string '\t'.repeat(13337) + '.'

Impact

Denial of service during currency parsing in experimental version 5 of fast-xml-parser-library

https://gauss-security.com

---

Release Notes

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v4.4.1

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[graphite-app]

Your org has enabled the Graphite merge queue for merging into canary

Add the label “merge” to the PR and Graphite will automatically add it to the merge queue when it’s ready to merge. Or use the label “hotfix” to add to the merge queue as a hot fix.

You must have a Graphite account and log in to Graphite in order to use the merge queue. Sign up using this link.

[nx-cloud]

☁️ Nx Cloud Report

CI is running/has finished running commands for commit f12e62a. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this CI Pipeline Execution

---

✅ Successfully ran 6 targets

• nx test:coverage @affine/monorepo
• nx build @affine/native -- --target x86_64-pc-windows-msvc --use-napi-cross
• nx build @affine/native -- --target x86_64-apple-darwin --use-napi-cross
• nx build @affine/native -- --target x86_64-unknown-linux-gnu --use-napi-cross
• nx build @affine/native -- --target aarch64-apple-darwin --use-napi-cross
• nx build @affine/server-native -- --target x86_64-unknown-linux-gnu --use-napi-cross

---

Sent with 💌 from NxCloud.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.24%. Comparing base (5938d8b) to head (f12e62a).
Report is 1 commits behind head on canary.

Additional details and impacted files

@@            Coverage Diff             @@
##           canary    #7752      +/-   ##
==========================================
- Coverage   55.26%   55.24%   -0.02%     
==========================================
  Files        1006     1006              
  Lines       43445    43445              
  Branches     5197     5197              
==========================================
- Hits        24008    24001       -7     
- Misses      19076    19082       +6     
- Partials      361      362       +1     

Flag	Coverage Δ
server-test	78.81% <ø> (-0.01%)	⬇️
unittest	26.50% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.