[Aikido] Fix 16 security issues in fast-xml-parser, fast-uri, yaml and 4 more#39

Closed
aikido-autofix[bot] wants to merge 1 commit into
masterfrom
fix/aikido-security-update-packages-45420862-bcns

Conversation

@aikido-autofix aikido-autofix Bot commented Jun 6, 2026


Upgrade dependencies to fix critical XML entity injection XSS, XML entity expansion DoS attacks, stack overflow, path normalization bypass, and other security vulnerabilities.

⚠️ Incomplete breaking changes analysis (4/7 analyzed)

⚠️ Breaking changes analysis not available for: minimatch, brace-expansion, ajv

All breaking changes by upgrading fast-xml-parser from version 4.4.1 to 5.7.3 (CHANGELOG)

| Version | Description |
| --- | --- |
| 5.7.0 | Single entity scan: entity values can no longer be used to form another entity name |
| 5.7.0 | Numeric external entities can no longer be added |
| 5.7.0 | Entity error messages when the expansion limit is crossed may change |
| 5.7.0 | Typings updated for new options related to process entity |
✅ 16 CVEs resolved by this upgrade, including 1 critical 🚨 CVE

This PR will resolve the following CVEs:

| Issue | Severity | Description |
| --- | --- | --- |
| CVE-2026-25896 | 🚨 CRITICAL | [fast-xml-parser] A dot (.) in DOCTYPE entity names is treated as a regex wildcard, allowing attackers to shadow built-in XML entities with arbitrary values and bypass entity encoding. This leads to XSS when parsed output is rendered. |
| CVE-2026-26278 | HIGH | [fast-xml-parser] XML entity expansion vulnerability allows attackers to cause denial of service by forcing unlimited entity expansion with minimal input, potentially freezing the application for extended periods. |
| CVE-2026-27942 | HIGH | [fast-xml-parser] XML builder with `preserveOrder:true` causes stack overflow leading to denial of service when processing certain inputs. The application crashes due to improper recursion handling during XML construction. |
| CVE-2026-33036 | HIGH | [fast-xml-parser] Numeric character references and standard XML entities bypass entity expansion limits, allowing attackers to cause XML entity expansion Denial of Service by forcing excessive memory allocation and CPU usage through crafted XML payloads. |
| CVE-2026-33349 | MEDIUM | [fast-xml-parser] XML entity expansion vulnerability where setting `maxEntityCount` or `maxEntitySize` to 0 is bypassed due to JavaScript falsy checks, allowing attackers to cause denial of service through memory exhaustion. The vulnerability affects configurations explicitly set to restrict or disable entities. |
| AIKIDO-2026-10784 | HIGH | [fast-uri] A path normalization vulnerability allows attackers to bypass security checks by using percent-encoded slashes and dots that are decoded before dot-segment removal, causing distinct URIs to normalize identically and compare equal. |
| CVE-2026-6321 | HIGH | [fast-uri] A vulnerability in URI normalization allows attackers to bypass path-based access controls by using percent-encoded separators and dot segments that normalize to unintended paths. This enables policy bypass attacks where restricted paths can be accessed through specially crafted encoded URLs. |
| CVE-2026-6322 | HIGH | [fast-uri] The normalize function improperly decodes percent-encoded authority delimiters in the host component, re-emitting them as raw delimiters during serialization. This allows attackers to bypass host allowlist checks and redirect requests to unintended authorities. |
| CVE-2026-33532 | MEDIUM | [yaml] A stack overflow vulnerability in the YAML parser's node resolution phase allows attackers to trigger a RangeError via deeply nested YAML structures (~2-10 KB), potentially causing denial of service or process termination in applications that don't catch non-YAMLParseError exceptions. |
| CVE-2026-26996 | LOW | [minimatch] A Regular Expression Denial of Service (ReDoS) vulnerability exists when glob patterns contain many consecutive `*` wildcards followed by a literal character, causing exponential backtracking with O(4^N) complexity. Applications passing user-controlled strings as patterns to `minimatch()` are vulnerable to severe performance degradation or hangs. |
| CVE-2026-27903 | LOW | [minimatch] A ReDoS vulnerability in glob pattern matching causes unbounded recursive backtracking with multiple GLOBSTAR segments, enabling attackers to stall the event loop for tens of seconds via crafted patterns in build tools, CI/CD pipelines, or multi-tenant systems. |
| CVE-2026-27904 | LOW | [minimatch] Nested extglobs (`*()` and `+()`) generate regexps with catastrophic backtracking, causing severe ReDoS denial-of-service attacks with minimal input patterns triggering multi-second hangs. |
| CVE-2026-33750 | LOW | [brace-expansion] A brace pattern with a zero step value causes an infinite loop, leading to denial of service through process hangs and excessive memory allocation. The vulnerability affects string expansion operations when malicious or malformed patterns are processed. |
| AIKIDO-2026-10477 | LOW | [brace-expansion] A denial-of-service vulnerability allows attackers to craft malicious brace patterns with repeated numeric ranges that cause exponential expansion, consuming excessive CPU and memory until process failure. The fix introduces an optional maximum limit parameter to bound expansion work. |
| GHSA-6475-r3vj-m8vf | LOW | [@smithy/config-resolver] An attacker with environment access could set an invalid region value, potentially routing AWS API calls to non-AWS hosts. A validation enhancement was added to prevent improper endpoint construction through region input validation. |
| CVE-2025-69873 | LOW | [ajv] A ReDoS vulnerability allows attackers to inject malicious regex patterns via the `$data` option, causing catastrophic backtracking and CPU exhaustion. A 31-character payload can block execution for ~44 seconds, enabling complete denial of service with minimal effort. |
🤖 Remediation details

Fix security vulnerabilities in fast-xml-parser, fast-uri, yaml, minimatch, brace-expansion, @smithy/config-resolver, and ajv

Short summary

This PR remediates security vulnerabilities in seven npm packages: fast-xml-parser, fast-uri, yaml, minimatch, brace-expansion, @smithy/config-resolver, and ajv. All are transitive dependencies resolved through the root package.json and package-lock.json. Fixes were applied via three direct dependency version bumps in package.json (@aws-sdk/client-secrets-manager, @aws-sdk/credential-providers, aws-cdk-lib) and lockfile-only transitive updates for the remaining packages.

fast-xml-parser

fast-xml-parser was resolved at 4.4.1, which is vulnerable; the fix requires ≥ 4.5.5. The immediate parent @aws-sdk/core exact-pinned version 4.4.1, so a lockfile-only update was insufficient. Bumping the direct dependencies @aws-sdk/client-secrets-manager and @aws-sdk/credential-providers from ^3.348.0 to ^3.844.0 in package.json caused npm to resolve @aws-sdk/core to ≥ 3.844.0, which in turn pulls fast-xml-parser at 5.x (resolved 5.7.3), satisfying the patched version requirement.

fast-uri

fast-uri was resolved at 3.0.6 (vulnerable; fix requires ≥ 3.1.2) as a transitive dependency of ajv 8.x nested inside aws-cdk-lib. Because ajv 8.17.1 declares fast-uri as ^3.0.1, the fix was semver-compatible and resolved by running a lockfile-only update (npm update fast-uri --package-lock-only), bringing it to 3.1.2 without any manifest change.

yaml

yaml was resolved at 1.10.2 (vulnerable; fix requires ≥ 1.10.3) as a transitive dependency exact-pinned by aws-cdk-lib. The first aws-cdk-lib release that pins yaml to 1.10.3 is 2.245.0, so the direct dependency spec in package.json was widened from ^2.78.0 to ^2.245.0, and npm install --package-lock-only resolved yaml to 1.10.3.

minimatch

minimatch was resolved at 3.1.2 in multiple locations (vulnerable; fix requires ≥ 3.1.4). All parent packages (eslint, @eslint/eslintrc, @humanwhocodes/config-array, glob, jake, test-exclude, eslint-plugin-node) declare minimatch as ^3.1.2, making the fix semver-compatible. A lockfile-only update resolved the root instance to 3.1.5. The aws-cdk-lib-nested instance was already resolved to 10.2.5 (≥ 10.2.3) as a side effect of the aws-cdk-lib parent bump.

brace-expansion

brace-expansion was resolved at 1.1.12 (root, vulnerable; fix requires ≥ 1.1.14) and 2.0.2 (nested under filelist, vulnerable; fix requires ≥ 2.0.3). Both parent minimatch instances declare brace-expansion with caret ranges (^1.1.7 and ^2.0.1 respectively), so both were semver-compatible and resolved via a lockfile-only update to 1.1.15 and 2.1.1 respectively.

@smithy/config-resolver

@smithy/config-resolver was resolved at 4.1.4 (vulnerable; fix requires ≥ 4.4.0) as a transitive dependency of the AWS SDK packages. Bumping @aws-sdk/client-secrets-manager and @aws-sdk/credential-providers to ^3.844.0 in package.json resolved the AWS SDK ecosystem to a version where @smithy/config-resolver is either absorbed or resolved at ≥ 4.4.0, eliminating the vulnerable instance entirely from the lockfile.

ajv

ajv appeared in two major-version instances: 6.12.6 (dev, under eslint/@eslint/eslintrc; fix requires ≥ 6.14.0) and 8.17.1 (under aws-cdk-lib/table; fix requires ≥ 8.18.0). Both parent packages declare ajv with caret ranges (^6.12.4 and ^8.0.1 respectively), so both were semver-compatible and resolved via a lockfile-only update to 6.15.0 and 8.20.0 respectively.

Version changes

| Package | From | To | Why updated |
| --- | --- | --- | --- |
| @aws-sdk/client-secrets-manager | ^3.348.0 | ^3.844.0 | Direct dep spec bump to fix fast-xml-parser and @smithy/config-resolver transitives |
| @aws-sdk/credential-providers | ^3.348.0 | ^3.844.0 | Direct dep spec bump, aligned with client-secrets-manager; same transitive chain |
| aws-cdk-lib | ^2.78.0 | ^2.245.0 | Direct dep spec bump to fix yaml transitive (1.10.3 first pinned at 2.245.0) |
| fast-xml-parser | 4.4.1 | 5.7.3 | Transitive fix after parent bump of @aws-sdk/client-secrets-manager / @aws-sdk/credential-providers |
| fast-uri | 3.0.6 | 3.1.2 | Lockfile-only semver resolution under ajv@8.x (aws-cdk-lib) |
| yaml | 1.10.2 | 1.10.3 | Transitive fix after parent bump of aws-cdk-lib |
| minimatch (root) | 3.1.2 | 3.1.5 | Lockfile-only semver resolution under eslint/eslintrc/glob/jake/test-exclude |
| minimatch (aws-cdk-lib nested) | 3.1.2 | 10.2.5 | Transitive after parent bump of aws-cdk-lib |
| minimatch (filelist nested) | 5.1.6 | 5.1.9 | Lockfile-only semver resolution under filelist |
| brace-expansion (root) | 1.1.12 | 1.1.15 | Lockfile-only semver resolution under minimatch@3.x |
| brace-expansion (filelist nested) | 2.0.2 | 2.1.1 | Lockfile-only semver resolution under minimatch@5.x (filelist) |
| brace-expansion (aws-cdk-lib nested) | 1.1.12 | 5.0.6 | Transitive after parent bump of aws-cdk-lib (minimatch now 10.x) |
| ajv (root, 6.x) | 6.12.6 | 6.15.0 | Lockfile-only semver resolution under eslint / @eslint/eslintrc |
| ajv (aws-cdk-lib nested, 8.x) | 8.17.1 | 8.20.0 | Lockfile-only semver resolution under table@6.9.0 (aws-cdk-lib) |
| @smithy/config-resolver | 4.1.4 | (removed) | Resolved by parent bump of AWS SDK packages; no longer a separate lockfile instance |
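
The remediation notes above reason case by case about whether a vulnerable transitive dependency can be fixed with a lockfile-only update or needs a direct-dependency bump: a caret range that already admits the fixed version is "semver-compatible", an exact pin is not. The script below is an added example, not code from this PR, from Aikido or from npm; it automates that check over a package-lock.json v3 `packages` map. It reimplements just enough of npm's semver (exact pins, caret ranges, `>=` bounds) and Node's module-resolution walk to ask, for each lockfile instance of a package below its fixed version, which dependents resolve to that instance and whether every range they declare admits the fix. All function names and the lockfile fragment are constructed for the example and modelled on the cases described in the notes.

```javascript
// Added example, not code from the PR or from npm. Helper names are ours.
// Minimal semver: exact pins ("4.4.1"), caret ranges ("^3.0.1"), ">=" bounds.
function parseVersion(v) {
  const [major, minor, patch] = v.split('.').map(Number);
  return { major, minor, patch };
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] < pb[k] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret range: the leftmost non-zero component is
// the one that may not change (npm's rule for ^).
function caretUpperBound(base) {
  const { major, minor, patch } = parseVersion(base);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

function rangeAllows(range, version) {
  if (range.startsWith('^')) {
    const base = range.slice(1);
    return compareVersions(version, base) >= 0 &&
      compareVersions(version, caretUpperBound(base)) < 0;
  }
  if (range.startsWith('>=')) return compareVersions(version, range.slice(2)) >= 0;
  return compareVersions(version, range) === 0; // exact pin
}

// Node's lookup walk: fromPath/node_modules/name, then each enclosing
// package's node_modules, ending at the root node_modules.
function resolveFrom(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = dir ? `${dir}/node_modules/${name}` : `node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const idx = dir.lastIndexOf('/node_modules/');
    dir = idx === -1 ? '' : dir.slice(0, idx);
  }
}

// For each lockfile instance of `name` below `fixedVersion`, list the packages
// that resolve to it, the range each declares, and whether every range admits
// the fix ("semver-compatible" in the PR's sense: a lockfile-only update works).
function auditPackage(lock, name, fixedVersion) {
  const packages = lock.packages;
  const results = [];
  for (const [path, meta] of Object.entries(packages)) {
    const isInstance = path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`);
    if (!isInstance || compareVersions(meta.version, fixedVersion) >= 0) continue;
    const dependents = [];
    for (const [depPath, depMeta] of Object.entries(packages)) {
      const range = (depMeta.dependencies || {})[name] || (depMeta.devDependencies || {})[name];
      if (!range || resolveFrom(packages, depPath, name) !== path) continue;
      dependents.push({ parent: depPath || '(root package.json)', range, allowsFix: rangeAllows(range, fixedVersion) });
    }
    results.push({
      path, version: meta.version, fixedVersion, dependents,
      semverCompatible: dependents.length > 0 && dependents.every((d) => d.allowsFix),
    });
  }
  return results;
}

// Constructed package-lock v3 fragment modelled on the PR description; not the
// repository's real lockfile.
const sampleLock = { packages: {
  '': { dependencies: { '@aws-sdk/core': '^3.840.0', 'aws-cdk-lib': '^2.78.0' }, devDependencies: { eslint: '^8.0.0' } },
  'node_modules/@aws-sdk/core': { version: '3.840.0', dependencies: { 'fast-xml-parser': '4.4.1' } },
  'node_modules/fast-xml-parser': { version: '4.4.1' },
  'node_modules/aws-cdk-lib': { version: '2.204.0', dependencies: { ajv: '^8.0.1', yaml: '1.10.2' } },
  'node_modules/aws-cdk-lib/node_modules/ajv': { version: '8.17.1', dependencies: { 'fast-uri': '^3.0.1' } },
  'node_modules/aws-cdk-lib/node_modules/fast-uri': { version: '3.0.6' },
  'node_modules/aws-cdk-lib/node_modules/yaml': { version: '1.10.2' },
  'node_modules/eslint': { version: '8.57.0', dependencies: { minimatch: '^3.1.2' } },
  'node_modules/glob': { version: '7.2.3', dependencies: { minimatch: '^3.1.1' } },
  'node_modules/minimatch': { version: '3.1.2' },
} };

for (const [name, fixed] of [['fast-xml-parser', '4.5.5'], ['fast-uri', '3.1.2'], ['yaml', '1.10.3'], ['minimatch', '3.1.4']]) {
  for (const r of auditPackage(sampleLock, name, fixed)) {
    const how = r.semverCompatible ? 'lockfile-only update reaches the fix' : 'a parent must be bumped';
    console.log(`${r.path}@${r.version} (fix >= ${fixed}): ${how}; declared by ${r.dependents.map((d) => `${d.parent} ${d.range}`).join(', ')}`);
  }
}
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. A `semverCompatible: false` result names the dependent whose pin has to move, as with @aws-sdk/core's exact `4.4.1` on fast-xml-parser in the notes above. The check inspects declared ranges only; it does not confirm that a release satisfying them exists in the registry, which is what the actual `npm update --package-lock-only` run decides.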

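The fast-uri entries in the CVE table above describe percent-encoded slashes and dots being decoded before dot-segment removal, so that distinct URIs normalize to the same string and compare equal. The following is an added example written for this page, not fast-uri's code or its fix: it puts the two orderings side by side over a few constructed paths and shows why a normal form used for access-control comparisons should remove dot segments on the raw path first and never decode delimiters. Function names are ours, and the conservative choice to leave `%2E` encoded after dot-segment removal is ours as well.

```javascript
// Added example, not fast-uri's code. Function names are ours.

// RFC 3986 section 5.2.4 dot-segment removal over whatever segments the caller
// hands in: only a literal "." or ".." is structural.
function removeDotSegments(path) {
  const absolute = path.startsWith('/');
  const segs = path.split('/');
  if (absolute) segs.shift(); // drop the empty segment before the leading slash
  const out = [];
  let trailingSlash = false;
  for (const seg of segs) {
    trailingSlash = false;
    if (seg === '.') { trailingSlash = true; continue; }
    if (seg === '..') { out.pop(); trailingSlash = true; continue; }
    out.push(seg);
  }
  let result = out.join('/');
  if (trailingSlash && result !== '') result += '/';
  return (absolute ? '/' : '') + result;
}

// Decodes every percent-encoded octet, reserved delimiters included.
function decodeAll(path) {
  return path.replace(/%([0-9a-fA-F]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// RFC 3986 section 6.2.2.2 style: decode only octets that are unreserved
// characters and uppercase the hex digits of everything else. "." is left
// encoded on purpose so that no ".." segment can appear after dot-segment
// removal has already run; "/" is reserved and always stays encoded.
function normalizeEncoding(path) {
  return path.replace(/%([0-9a-fA-F]{2})/g, (_, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /^[A-Za-z0-9_~-]$/.test(ch) ? ch : `%${hex.toUpperCase()}`;
  });
}

// The flawed order the advisory describes: decode, then remove dot segments.
function normalizeUnsafe(path) {
  return removeDotSegments(decodeAll(path));
}

// The hardened order: remove dot segments on the raw path, then decode.
function normalizeSafe(path) {
  return normalizeEncoding(removeDotSegments(path));
}

// Policy helper: two request paths denote the same resource only if their
// safe normal forms are identical.
function samePath(a, b) {
  return normalizeSafe(a) === normalizeSafe(b);
}

// Constructed inputs of the kind the advisory describes.
const probes = ['/admin/%2e%2e/public', '/admin/../public', '/a%2Fb', '/%7euser/%41'];
for (const p of probes) {
  console.log(p.padEnd(22), 'unsafe:', normalizeUnsafe(p).padEnd(18), 'safe:', normalizeSafe(p));
}
```

With the unsafe order `/admin/%2e%2e/public` and `/public` both come out as `/public`, which is the "compare equal" condition in the table; with the safe order the first stays a distinct three-segment path, so a prefix or allowlist check sees what the client actually sent.
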
github-actions Bot commented Jun 6, 2026


Package lock diff

 2.4.1 -> 2.6.1
node_modules/@aws-cdk/asset-awscli-v1 2.2.242 -> 2.2.282
node_modules/@aws-cdk/asset-node-proxy-agent-v6 2.1.0 -> 2.1.2
node_modules/@aws-cdk/cloud-assembly-schema 45.2.0 -> 54.2.0
node_modules/@aws-cdk/cloud-assembly-schema/node_modules/jsonschema 1.4.1 -> 1.5.0
node_modules/@aws-cdk/cloud-assembly-schema/node_modules/semver 7.7.2 -> 7.8.1
node_modules/@aws-sdk/client-cognito-identity 3.840.0 -> 3.1063.0
node_modules/@aws-sdk/client-secrets-manager 3.840.0 -> 3.1063.0
node_modules/@aws-sdk/client-sso removed
node_modules/@aws-sdk/core 3.840.0 -> 3.974.18
node_modules/@aws-sdk/credential-provider-cognito-identity 3.840.0 -> 3.972.42
node_modules/@aws-sdk/credential-provider-env 3.840.0 -> 3.972.44
node_modules/@aws-sdk/credential-provider-http 3.840.0 -> 3.972.46
node_modules/@aws-sdk/credential-provider-ini 3.840.0 -> 3.972.50
node_modules/@aws-sdk/credential-provider-node 3.840.0 -> 3.972.52
node_modules/@aws-sdk/credential-provider-process 3.840.0 -> 3.972.44
node_modules/@aws-sdk/credential-provider-sso 3.840.0 -> 3.972.49
node_modules/@aws-sdk/credential-provider-web-identity 3.840.0 -> 3.972.49
node_modules/@aws-sdk/credential-providers 3.840.0 -> 3.1063.0
node_modules/@aws-sdk/middleware-host-header removed
node_modules/@aws-sdk/middleware-logger removed
node_modules/@aws-sdk/middleware-recursion-detection removed
node_modules/@aws-sdk/middleware-user-agent removed
node_modules/@aws-sdk/nested-clients 3.840.0 -> 3.997.17
node_modules/@aws-sdk/region-config-resolver removed
node_modules/@aws-sdk/token-providers 3.840.0 -> 3.1063.0
node_modules/@aws-sdk/types 3.840.0 -> 3.973.11
node_modules/@aws-sdk/util-endpoints removed
node_modules/@aws-sdk/util-user-agent-browser removed
node_modules/@aws-sdk/util-user-agent-node removed
node_modules/@aws-sdk/xml-builder 3.821.0 -> 3.972.28
node_modules/@smithy/abort-controller removed
node_modules/@smithy/config-resolver removed
node_modules/@smithy/core 3.6.0 -> 3.24.6
node_modules/@smithy/credential-provider-imds 4.0.6 -> 4.3.8
node_modules/@smithy/fetch-http-handler 5.0.4 -> 5.4.6
node_modules/@smithy/hash-node removed
node_modules/@smithy/invalid-dependency removed
node_modules/@smithy/is-array-buffer removed
node_modules/@smithy/middleware-content-length removed
node_modules/@smithy/middleware-endpoint removed
node_modules/@smithy/middleware-retry removed
node_modules/@smithy/middleware-serde removed
node_modules/@smithy/middleware-stack removed
node_modules/@smithy/node-config-provider removed
node_modules/@smithy/node-http-handler 4.0.6 -> 4.7.7
node_modules/@smithy/property-provider removed
node_modules/@smithy/protocol-http removed
node_modules/@smithy/querystring-builder removed
node_modules/@smithy/querystring-parser removed
node_modules/@smithy/service-error-classification removed
node_modules/@smithy/shared-ini-file-loader removed
node_modules/@smithy/signature-v4 5.1.2 -> 5.4.6
node_modules/@smithy/smithy-client removed
node_modules/@smithy/types 4.3.1 -> 4.14.3
node_modules/@smithy/url-parser removed
node_modules/@smithy/util-base64 removed
node_modules/@smithy/util-body-length-browser removed
node_modules/@smithy/util-body-length-node removed
node_modules/@smithy/util-buffer-from removed
node_modules/@smithy/util-config-provider removed
node_modules/@smithy/util-defaults-mode-browser removed
node_modules/@smithy/util-defaults-mode-node removed
node_modules/@smithy/util-endpoints removed
node_modules/@smithy/util-hex-encoding removed
node_modules/@smithy/util-middleware removed
node_modules/@smithy/util-retry removed
node_modules/@smithy/util-stream removed
node_modules/@smithy/util-uri-escape removed
node_modules/@smithy/util-utf8 removed
node_modules/@types/uuid removed
node_modules/ajv 6.12.6 -> 6.15.0
node_modules/aws-cdk-lib 2.204.0 -> 2.258.0
node_modules/aws-cdk-lib/node_modules/ajv 8.17.1 -> 8.20.0
node_modules/aws-cdk-lib/node_modules/balanced-match 1.0.2 -> 4.0.4
node_modules/aws-cdk-lib/node_modules/brace-expansion 1.1.12 -> 5.0.6
node_modules/aws-cdk-lib/node_modules/concat-map removed
node_modules/aws-cdk-lib/node_modules/fast-uri 3.0.6 -> 3.1.2
node_modules/aws-cdk-lib/node_modules/fs-extra 11.3.0 -> 11.3.5
node_modules/aws-cdk-lib/node_modules/jsonfile 6.1.0 -> 6.2.1
node_modules/aws-cdk-lib/node_modules/minimatch 3.1.2 -> 10.2.5
node_modules/aws-cdk-lib/node_modules/semver 7.7.2 -> 7.8.1
node_modules/aws-cdk-lib/node_modules/yaml 1.10.2 -> 1.10.3
node_modules/bowser 2.11.0 -> 2.14.1
node_modules/brace-expansion 1.1.12 -> 1.1.15
node_modules/constructs 10.4.2 -> 10.6.0
node_modules/fast-xml-parser 4.4.1 -> 5.7.3
node_modules/filelist/node_modules/brace-expansion 2.0.2 -> 2.1.1
node_modules/filelist/node_modules/minimatch 5.1.6 -> 5.1.9
node_modules/minimatch 3.1.2 -> 3.1.5
node_modules/strnum 1.1.2 -> 2.3.0
node_modules/uuid removed
node_modules/@aws-crypto/crc32 added
node_modules/@aws-sdk/credential-provider-login added
node_modules/@aws-sdk/signature-v4-multi-region added
node_modules/@aws/lambda-invoke-store added
node_modules/@nodable/entities added
node_modules/aws-cdk-lib/node_modules/@aws-cdk/cloud-assembly-api added
node_modules/fast-xml-builder added
node_modules/path-expression-matcher added
node_modules/xml-naming added

@aikido-autofix aikido-autofix Bot (Author) commented

Closed by Aikido: a new AutoFix has been created → #40

@aikido-autofix aikido-autofix Bot closed this Jun 17, 2026
@aikido-autofix aikido-autofix Bot deleted the fix/aikido-security-update-packages-45420862-bcns branch June 17, 2026 23:37