fix: CVE-2026-25896 security vulnerability

Automated dependency upgrade by Orbis Security AI

package-lock.json

@@ -32,6 +32,7 @@
                 "express": "~4.22.1",
                 "express-basic-auth": "~1.2.1",
                 "express-static-gzip": "~2.1.8",
+                "fast-xml-parser": "^5.3.5",
                 "feed": "~4.2.2",
                 "form-data": "~4.0.5",
                 "gamedig": "~5.3.2",
@@ -9004,9 +9005,9 @@
             }
         },
         "node_modules/fast-xml-parser": {
-            "version": "5.2.5",
-            "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz",
-            "integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==",
+            "version": "5.3.5",
+            "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.3.5.tgz",
+            "integrity": "sha512-JeaA2Vm9ffQKp9VjvfzObuMCjUYAp5WDYhRYL5LrBPY/jUDlUtOvDfot0vKSkB9tuX885BDHjtw4fZadD95wnA==",
             "funding": [
                 {
                     "type": "github",
@@ -9015,7 +9016,7 @@
             ],
             "license": "MIT",
             "dependencies": {
-                "strnum": "^2.1.0"
+                "strnum": "^2.1.2"
             },
             "bin": {
                 "fxparser": "src/cli/cli.js"
@@ -9431,6 +9432,24 @@
                 "node": ">=16.20.0"
             }
         },
+        "node_modules/gamedig/node_modules/fast-xml-parser": {
+            "version": "5.2.5",
+            "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz",
+            "integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==",
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/NaturalIntelligence"
+                }
+            ],
+            "license": "MIT",
+            "dependencies": {
+                "strnum": "^2.1.0"
+            },
+            "bin": {
+                "fxparser": "src/cli/cli.js"
+            }
+        },
         "node_modules/gamedig/node_modules/iconv-lite": {
             "version": "0.7.0",
             "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.0.tgz",

package.json

@@ -92,6 +92,7 @@
         "express": "~4.22.1",
         "express-basic-auth": "~1.2.1",
         "express-static-gzip": "~2.1.8",
+        "fast-xml-parser": "^5.3.5",
         "feed": "~4.2.2",
         "form-data": "~4.0.5",
         "gamedig": "~5.3.2",