chore(deps): add fast-xml-parser resolution

[israx]

Description of changes

This PR adds the fast-xml-parser dep as a resolution to fix the ongoing depandabot alert

Issue #, if available

Description of how you validated changes

Checklist

• PR description included
• yarn test passes
• Unit Tests are changed or added
• Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

• Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
• New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[mcintoac-aws]

@israx Wondering if you or anyone else has an update on when this fix will be included in a new version posted to npm? And if so, will there be npm versions published for both v5 and v6 which resolve the CVE? Thanks.

[mbp]

I tried updating to 6.4.4-unstable.6daf0d3.0 but we still get audit errors because aws-amplify depends on @aws-sdk/client-sts@"3.398.0" which has a dependency on fast-xml-parser@4.2.5.

$ npm why fast-xml-parser
fast-xml-parser@4.2.5
node_modules/@aws-sdk/client-sts/node_modules/fast-xml-parser
  fast-xml-parser@"4.2.5" from @aws-sdk/client-sts@3.398.0
  node_modules/@aws-sdk/client-sts
    @aws-sdk/client-sts@"3.398.0" from @aws-sdk/client-firehose@3.398.0
    node_modules/@aws-sdk/client-firehose
      @aws-sdk/client-firehose@"3.398.0" from @aws-amplify/analytics@7.0.41-unstable.6daf0d3.0
      node_modules/@aws-amplify/analytics
        @aws-amplify/analytics@"7.0.41-unstable.6daf0d3.0+6daf0d3" from aws-amplify@6.4.4-unstable.6daf0d3.0
        node_modules/aws-amplify
          aws-amplify@"6.4.4-unstable.6daf0d3.0" from the root project

[mcintoac-aws]

Worth noting that all of the affected @AWS-SDK packages seem to have been updated, with the fix version being 3.621.0.