fix: bump fast-xml-parser override to 5.5.7 (CVE-2026-33036, CVE-2026-33349) #713
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate PR Title | |
| on: | |
| pull_request_target: | |
| branches: [main] | |
| types: [opened, edited, synchronize, reopened] | |
| permissions: | |
| statuses: write | |
| jobs: | |
| validate-pr-title: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: read | |
| steps: | |
| - uses: amannn/action-semantic-pull-request@v6.1.1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| # Types aligned with this repo's commit conventions (see AGENTS.md) | |
| types: | | |
| feat | |
| fix | |
| docs | |
| style | |
| refactor | |
| perf | |
| test | |
| build | |
| ci | |
| chore | |
| revert | |
| requireScope: false | |
| # Repo convention: lowercase subjects (e.g., "feat: add new command") | |
| subjectPattern: ^[a-z].+$ | |
| subjectPatternError: | | |
| The subject "{subject}" found in the pull request title "{title}" | |
| must start with a lowercase letter. | |
| Example: "feat: add deploy command" | |
| # Validate the commit message when a PR has a single commit, since | |
| # GitHub suggests using it as the merge commit message on squash-merge | |
| validateSingleCommit: true | |
| validateSingleCommitMatchesPrTitle: true | |
| # Skip validation for bot/dependency PRs | |
| ignoreLabels: | | |
| bot | |
| dependencies |