Skip to content

chore(xml-builder): parse XML internally#7863

Open
kuhe wants to merge 1 commit intomainfrom
kuhe/chore/xml
Open

chore(xml-builder): parse XML internally#7863
kuhe wants to merge 1 commit intomainfrom
kuhe/chore/xml

Conversation

@kuhe
Copy link
Copy Markdown
Contributor

@kuhe kuhe commented Mar 18, 2026
edited
Loading

Issue

#7366

Description

Switch from fast-xml-parser to internal implementation.

Benchmarks: trivikr/benchmark-xml-parser#6

The main diff is that the XML parsing error will be communicated with a differently worded message.

Testing

snapshot tests, CI

Checklist

  • If the PR is a feature, add integration tests (*.integ.spec.ts) or E2E tests.
    • It's not a feature.
  • My E2E tests are resilient to concurrent i/o.
    • I didn't write any E2E tests.
  • I added access level annotations e.g. @public, @internal tags and enabled doc generation on the package. Remember that access level annotations go below the description, not above.
    • I didn't add any public functions.
  • Streams - how do they work?? My WebStream readers/locks are properly lifecycled. Node.js stream backpressure is handled. Error handling.
    • No streams here.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@kuhe kuhe force-pushed the kuhe/chore/xml branch 2 times, most recently from dc70fa0 to b73fa31 Compare March 18, 2026 16:24
@kuhe kuhe marked this pull request as ready for review March 18, 2026 16:24
@kuhe kuhe requested a review from a team as a code owner March 18, 2026 16:24
@kuhe kuhe changed the title chore(xml-builder): parse XML with xmldom chore(xml-builder): parse XML internally Mar 18, 2026
@kuhe kuhe force-pushed the kuhe/chore/xml branch 3 times, most recently from 8c2acf7 to 43baba0 Compare March 18, 2026 17:38
@kuhe kuhe mentioned this pull request Mar 18, 2026
Merged
@kuhe kuhe force-pushed the kuhe/chore/xml branch 4 times, most recently from b408de8 to 4fbf50c Compare March 20, 2026 00:26
@kuhe kuhe mentioned this pull request Mar 20, 2026
Open
2 tasks
kuhe
kuhe commented Mar 20, 2026
View reviewed changes
Comment thread packages-internal/xml-builder/src/xml-parser.spec.ts
@kuhe kuhe force-pushed the kuhe/chore/xml branch 2 times, most recently from 8e8ce96 to 99f5fab Compare March 20, 2026 18:50
kuhe
kuhe commented Mar 31, 2026
View reviewed changes
Comment thread packages-internal/xml-builder/src/xml-parser.ts Outdated
kuhe
kuhe commented Mar 31, 2026
View reviewed changes
Comment thread packages-internal/xml-builder/src/xml-parser.ts Outdated
@kuhe
chore(xml-builder): parse XML ourselves
4ad7777 
chore(xml-builder): avoid object key collisions

Co-authored-by: George Fu <kuhe@users.noreply.github.com>
@kuhe kuhe force-pushed the kuhe/chore/xml branch from a732ad4 to 4ad7777 Compare April 6, 2026 16:11
seven332 added a commit to vm0-ai/vm0 that referenced this pull request Apr 23, 2026
@seven332 @claude
fix(deps): patch aws-sdk xml-builder for fast-xml-parser 5.7 compat
863ff2e 
fast-xml-parser 5.7.0 made parser.addEntity("#...") a hard error (CHANGELOG:
"you cant add numeric external entity"). @aws-sdk/xml-builder@3.972.18 still
calls parser.addEntity("#xD", "\r") and addEntity("#10", "\n") as a legacy
fallback for S3/STS XML responses containing &#xD; / &#10; character refs.

Our fast-xml-parser override to >=5.7.0 (for GHSA-gh4j-gqv2-49f6) therefore
caused every S3 ListObjectsV2 / STS GetCallerIdentity call to throw
"Invalid character '#' in entity name: '#xD'" during XML deserialization,
surfacing as 500s from agent delete in e2e ser-t05-zero-agent.bats.

Patch drops both addEntity lines. fast-xml-parser 5.7.x decodes &#xD; and
&#10; internally (CHANGELOG 5.6.0: "fix: entity replacement for numeric
entities"), so the fallback is functionally redundant.

Refs:
- aws/aws-sdk-js-v3#7949
- aws-amplify/amplify-backend#3172
- Upstream replacement PR aws/aws-sdk-js-v3#7863 (still open)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@seven332 seven332 mentioned this pull request Apr 23, 2026
Closed
5 tasks
seven332 added a commit to vm0-ai/vm0 that referenced this pull request Apr 23, 2026
@seven332 @claude
fix(deps): patch aws-sdk xml-builder for fast-xml-parser 5.7 compat
21851ba 
fast-xml-parser 5.7.0 made parser.addEntity("#...") a hard error (CHANGELOG:
"you cant add numeric external entity"). @aws-sdk/xml-builder@3.972.18 still
calls parser.addEntity("#xD", "\r") and addEntity("#10", "\n") as a legacy
fallback for S3/STS XML responses containing &#xD; / &#10; character refs.

Our fast-xml-parser override to >=5.7.0 (for GHSA-gh4j-gqv2-49f6) therefore
caused every S3 ListObjectsV2 / STS GetCallerIdentity call to throw
"Invalid character '#' in entity name: '#xD'" during XML deserialization,
surfacing as 500s from agent delete in e2e ser-t05-zero-agent.bats.

Patch drops both addEntity lines. fast-xml-parser 5.7.x decodes &#xD; and
&#10; internally (CHANGELOG 5.6.0: "fix: entity replacement for numeric
entities"), so the fallback is functionally redundant.

Refs:
- aws/aws-sdk-js-v3#7949
- aws-amplify/amplify-backend#3172
- Upstream replacement PR aws/aws-sdk-js-v3#7863 (still open)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kuhe