Replace XML parsing and building libraries#1624
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Pull request overview
Switches the Salesforce API XML parsing/building implementation from fast-xml-parser / fast-xml-builder to @jetstreamapp/simple-xml, and adds/updates tests to lock in expected XML shapes.
Changes:
- Replace XML parsing/building calls in libs/salesforce-api with @jetstreamapp/simple-xml (parse/build).
- Remove fast-xml-parser and fast-xml-builder direct dependencies and add @jetstreamapp/simple-xml.
- Add snapshot-style XML parsing/building tests and tighten existing XML parsing assertions.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| yarn.lock | Adds @jetstreamapp/simple-xml and removes direct lock entries tied to the old XML libs. |
| package.json | Adds @jetstreamapp/simple-xml dependency; removes fast-xml-parser/fast-xml-builder. |
| libs/salesforce-api/src/lib/salesforce-package.utils.ts | Migrates manifest parsing and package.xml building to simple-xml. |
| libs/salesforce-api/src/lib/callout-adapter.ts | Migrates SOAP/XML response parsing to simple-xml. |
| libs/salesforce-api/src/lib/__tests__/xml-parsing-snapshot.spec.ts | Introduces snapshot tests to pin exact XML parse/build output shapes. |
| libs/salesforce-api/src/lib/__tests__/callout-adapter.spec.ts | Updates assertions to reflect (and verify) the new parser output. |
7d0d11f to 633b1a2
Pull request overview
Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.
…/simple-xml for XML parsing and building
Pull request overview
Copilot reviewed 5 out of 6 changed files in this pull request and generated no new comments.
633b1a2 to 2db670a
Switch from fast-xml-parser and fast-xml-builder to @jetstreamapp/simple-xml for improved XML parsing and building functionality. This change streamlines the codebase and enhances performance.
Fast XML parser has had many vulnerability reports and has had releases without proper codebase updates. Their library covers many more cases than we need to worry about.
We should roll our own XML parser that handles our cases exactly without bloat, vulnerabilities, and potential supply chain issues.
Ref:
NaturalIntelligence/fast-xml-parser#814
NaturalIntelligence/fast-xml-parser#813
#1618 (had bugs with a patch release in fast-xml-parser with breaking changes on a patch version)