
fix: override fast-xml-parser to 5.3.6 for CVE-2026-26278 #330

Merged
tejaskash merged 1 commit into main from fix/audit-cve on Feb 18, 2026

@notgitika
Contributor

Description

Add npm override to force fast-xml-parser@5.3.6, resolving CVE-2026-26278 (DoS via XML entity expansion). @aws-sdk/xml-builder pins the vulnerable 5.3.4 — override should be removed once AWS updates their pin.

Related Issue

Closes #329

Documentation PR

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update
  • Other (please describe): chore override

Testing

How have you tested the change?

  • I ran npm run test:unit and npm run test:integ
  • I ran npm run typecheck
  • I ran npm run lint
  • If I modified src/assets/, I ran npm run test:update-snapshots and committed the updated snapshots

Checklist

  • I have read the CONTRIBUTING document
  • I have added any necessary tests that prove my fix is effective or my feature works
  • I have updated the documentation accordingly
  • I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
  • My changes generate no new warnings
  • Any dependent changes have been merged and published

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the
terms of your choice.
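
One way to confirm that an override like the one described above took effect, and to notice when the upstream pin no longer requires it, is to audit the lockfile. This is an added example, not code from this PR or repository; it assumes the override is a top-level `overrides` entry in package.json and a lockfileVersion 2 or 3 package-lock.json, and the function names and sample data are constructed.

```javascript
const NAME = 'fast-xml-parser';
const FIXED = '5.3.6'; // version the PR description says resolves the CVE

// Compare plain x.y.z versions numerically (pre-release tags not handled).
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// pkg: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2 or 3).
function auditLock(pkg, lock) {
  const vulnerable = []; // installed copies older than FIXED
  const stalePins = [];  // dependents that still declare an exact pin older than FIXED
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Hoisted and nested copies both end in node_modules/<name>.
    if (path.endsWith('node_modules/' + NAME) && meta.version && cmp(meta.version, FIXED) < 0) {
      vulnerable.push({ path, version: meta.version });
    }
    // Only exact pins are checked; ranges (^, ~, >=) would need a semver library.
    const spec = (meta.dependencies || {})[NAME];
    if (spec && /^\d+\.\d+\.\d+$/.test(spec) && cmp(spec, FIXED) < 0) {
      stalePins.push({ dependent: path, spec });
    }
  }
  const overrideSet = Boolean(pkg.overrides && pkg.overrides[NAME]);
  return { vulnerable, stalePins, overrideSet,
           overrideRemovable: overrideSet && stalePins.length === 0 };
}

// Constructed sample data (not taken from the repository).
const pkg = { name: 'sample-app', overrides: { [NAME]: FIXED } };
const dependent = 'node_modules/@aws-sdk/xml-builder';
const makeLock = (installed, pin) => ({
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app' },
    [dependent]: { version: '0.0.0-sample', dependencies: { [NAME]: pin } },
    ['node_modules/' + NAME]: { version: installed },
  },
});
const beforeOverride = auditLock({ name: 'sample-app' }, makeLock('5.3.4', '5.3.4'));
const afterOverride = auditLock(pkg, makeLock('5.3.6', '5.3.4'));
const afterUpstreamFix = auditLock(pkg, makeLock('5.3.6', '5.3.6'));

console.log(JSON.stringify({ beforeOverride, afterOverride, afterUpstreamFix }, null, 2));
```

Run in CI against the real files, a non-empty `vulnerable` list means the override was dropped or bypassed, and `overrideRemovable: true` is the signal to delete it.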

@notgitika notgitika requested a review from a team February 17, 2026 23:24
@github-actions
Contributor

Coverage Report

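| Status | Category | Percentage | Covered / Total |
|--------|------------|------------|-----------------|
| 🔵 | Lines | 28.26% | 1807 / 6393 |
| 🔵 | Statements | 27.59% | 1875 / 6794 |
| 🔵 | Functions | 27.36% | 356 / 1301 |
| 🔵 | Branches | 24.52% | 918 / 3743 |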
Generated in workflow #395 for commit e770777 by the Vitest Coverage Report Action

@tejaskash tejaskash merged commit 567fdef into main Feb 18, 2026
14 of 15 checks passed
@tejaskash tejaskash deleted the fix/audit-cve branch February 18, 2026 01:00

Development

Successfully merging this pull request may close these issues.

Security audit fails due to CVE-2026-26278 in fast-xml-parser