fix(dependencies): update fast-xml-parser to 5.5.7 and simple-git to …#7602

Merged
bijin-bruno merged 3 commits into usebruno:main from sid-bruno:fix/audit
Mar 30, 2026

@sid-bruno (Collaborator) commented Mar 28, 2026

Description

Critical Dependency Update Check

Contribution Checklist:

  • I've used AI significantly to create this pull request
  • The pull request only addresses one issue or adds one feature.
  • The pull request does not introduce any breaking changes
  • I have added screenshots or gifs to help explain the change if applicable.
  • I have read the contribution guidelines.
  • Create an issue and link to the pull request.

Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.

Publishing to New Package Managers

Please see here for more information.

Summary by CodeRabbit

  • Chores
    • Pinned and updated various dependencies across packages: fast-xml-parser (5.5.7), pbkdf2 (3.1.5), simple-git (3.32.3), and updated AWS SDK credential provider versions.
    • Bumped Rollup to 3.30.0 and replaced the older terser plugin with @rollup/plugin-terser across builds to standardize tooling.

…3.32.3; add path-expression-matcher and fast-xml-builder
Copilot AI (Contributor) left a comment

Pull request overview

Updates dependencies as part of a “Critical Dependency Update Check” across the monorepo workspaces, primarily targeting XML parsing and git integration used by testbench and Electron app packages.

Changes:

  • Bump fast-xml-parser in @usebruno/tests to ^5.5.7.
  • Bump simple-git in bruno-electron to 3.32.3.
  • Add root-level npm overrides for fast-xml-parser and pbkdf2, with corresponding package-lock.json updates.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| packages/bruno-tests/package.json | Updates fast-xml-parser version used by the testbench server utilities. |
| packages/bruno-electron/package.json | Updates simple-git version used by the Electron app’s git utilities. |
| package.json | Adds/adjusts root overrides for dependency pinning. |
| package-lock.json | Lockfile changes reflecting updated dependency graph (including new transitive deps). |


@coderabbitai coderabbitai bot (Contributor) commented Mar 28, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1e9157ee-78f9-4d1e-ba70-5e890e0a1036

📥 Commits

Reviewing files that changed from the base of the PR and between ef392ef and 9eedd5e.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • package.json

Walkthrough

Updated dev tooling and runtime dependency versions across the monorepo; replaced usages of rollup-plugin-terser with @rollup/plugin-terser and adjusted Rollup and specific package dependency pins/bumps.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Root / overrides: package.json | Bumped root eslint devDependency; updated overrides to rollup@3.30.0; added pbkdf2@3.1.5 override; adjusted newline at EOF. |
| Rollup devDeps & overrides: packages/*/package.json (e.g. packages/bruno-common/package.json, packages/bruno-converters/package.json, packages/bruno-filestore/package.json, packages/bruno-graphql-docs/package.json, packages/bruno-js/package.json, packages/bruno-requests/package.json, packages/bruno-query/package.json) | Bumped rollup to 3.30.0 and replaced rollup-plugin-terser (^7.0.2) with @rollup/plugin-terser (^1.0.0) in devDependencies and overrides. |
| Rollup plugin imports / bundler scripts: packages/*/rollup.config.js, packages/bruno-js/src/sandbox/bundle-libraries.js | Switched imports from const { terser } = require('rollup-plugin-terser') to const terser = require('@rollup/plugin-terser').default; plugin usage remains terser(). |
| Runtime dependency bumps / pins: packages/bruno-electron/package.json, packages/bruno-cli/package.json, packages/bruno-tests/package.json | Bumped @aws-sdk/credential-providers from 3.750.0 → 3.1019.0 (electron, cli); pinned simple-git from ^3.22.0 → 3.32.3 (electron); bumped fast-xml-parser ^5.0.8 → ^5.5.7 (bruno-tests). |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

dependencies

Suggested reviewers

  • lohit-bruno
  • helloanoop
  • naman-bruno

Poem

⚙️ Pins shifted, plugins changed their tune,
Rollup dances up to thirty-thirty soon.
Terser’s import takes a gentler stroll,
Versions align and builds stay whole. 🚀

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Title check | ❓ Inconclusive | The title mentions updating fast-xml-parser and simple-git, but the changeset also includes extensive rollup and terser plugin migrations across multiple packages, which represents a more significant scope than the title suggests. | Consider revising the title to reflect the full scope: e.g., 'fix(dependencies): migrate rollup-plugin-terser to @rollup/plugin-terser and update dependencies' or clarify if this is part of a larger effort. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
packages/bruno-tests/package.json (1)

29-29: Consider exact-pinning fast-xml-parser for consistency with root overrides.

Root-level overrides don't apply when this workspace package is installed independently. The caret range ^5.5.7 can drift outside the monorepo's pinned version 5.5.7, risking inconsistent behavior. Exact-pin to 5.5.7 for deterministic dependency resolution.

Proposed change
-    "fast-xml-parser": "^5.5.7",
+    "fast-xml-parser": "5.5.7",
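Review bot: package-lock.json is not updated alongside the `+` line's exact pin of `fast-xml-parser` to `5.5.7`, and the lockfile is excluded from this review by the `!**/package-lock.json` path filter, so the version that actually resolves goes unchecked. Regenerate the lockfile in the same commit and confirm with `npm ls fast-xml-parser` that no copy other than 5.5.7 resolves. With the caret removed, later patch releases no longer arrive by range, so this entry has to be bumped together with the root override.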
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/bruno-tests/package.json` at line 29, Update the fast-xml-parser
dependency in this workspace package's package.json to an exact version to match
root overrides: replace the caret range for the "fast-xml-parser" entry
(currently "^5.5.7") with the exact pinned version "5.5.7" so the package
installs deterministically when used outside the monorepo.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Around line 96-98: package-lock.json does not reflect the intended overrides
for fast-xml-parser (5.5.7) and pbkdf2 (3.1.5); remove package-lock.json, verify
the override entries for "fast-xml-parser" and "pbkdf2" in package.json are
correctly formatted for your npm version (or use npm's "overrides" field), then
run a fresh install (npm install) to regenerate the lockfile and confirm
package-lock.json now contains fast-xml-parser@5.5.7 and pbkdf2@3.1.5; if issues
persist, run npm ls fast-xml-parser and npm ls pbkdf2 to find which packages are
pulling older versions and add/rescope overrides accordingly.

---

Nitpick comments:
In `@packages/bruno-tests/package.json`:
- Line 29: Update the fast-xml-parser dependency in this workspace package's
package.json to an exact version to match root overrides: replace the caret
range for the "fast-xml-parser" entry (currently "^5.5.7") with the exact pinned
version "5.5.7" so the package installs deterministically when used outside the
monorepo.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 56f3351a-f66b-4330-9f00-159aec1a3dd9

📥 Commits

Reviewing files that changed from the base of the PR and between c01942a and 2fc09a9.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (3)
  • package.json
  • packages/bruno-electron/package.json
  • packages/bruno-tests/package.json
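
One way to run the two checks the review comments above ask for (lockfile entries that do not honor a root override, and workspace ranges that can drift from the pin), as an added example that is not code from this PR or from Bruno. It assumes a lockfileVersion 2/3 `packages` map and flat exact-version overrides; the sample manifests and the `example-parent` package are constructed.

```javascript
// Added example (not Bruno's code). Sample data below is constructed;
// "example-parent" is a hypothetical package name.
const EXACT = /^\d+\.\d+\.\d+$/;

// Package name installed at a lockfile "packages" key, or null for workspace/root keys.
function nameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Flat, exact-version overrides only; nested or range overrides are skipped.
function exactPins(rootPkg) {
  return new Map(Object.entries(rootPkg.overrides || {})
    .filter(([, v]) => typeof v === 'string' && EXACT.test(v)));
}

// Every lockfile entry whose resolved version differs from the root pin.
function findOverrideViolations(rootPkg, lock) {
  const pins = exactPins(rootPkg);
  return Object.entries(lock.packages || {})
    .map(([path, entry]) => ({ path, name: nameFromLockPath(path), found: entry.version }))
    .filter((e) => pins.has(e.name) && e.found !== undefined && e.found !== pins.get(e.name))
    .map((e) => ({ ...e, expected: pins.get(e.name) }));
}

// Workspace dependencies whose declared range is not the exact root pin, so a
// standalone install (where root overrides do not apply) could resolve differently.
function findDriftingRanges(rootPkg, workspacePkg) {
  const deps = { ...workspacePkg.devDependencies, ...workspacePkg.dependencies };
  return [...exactPins(rootPkg)]
    .filter(([name, pin]) => name in deps && deps[name] !== pin)
    .map(([name, pin]) => ({ name, declared: deps[name], pin }));
}

const rootPkg = { overrides: { 'fast-xml-parser': '5.5.7', pbkdf2: '3.1.5', rollup: '3.30.0' } };
const testsPkg = { name: '@usebruno/tests', dependencies: { 'fast-xml-parser': '^5.5.7' } };
const lock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'root' },
    'node_modules/fast-xml-parser': { version: '5.5.7' },
    'node_modules/example-parent/node_modules/fast-xml-parser': { version: '5.0.8' },
    'node_modules/pbkdf2': { version: '3.1.5' },
  },
};

console.log(findOverrideViolations(rootPkg, lock));
console.log(findDriftingRanges(rootPkg, testsPkg));
```

Run against the real `package.json` and `package-lock.json` by replacing the constructed objects with the parsed files; a non-empty result from either function is a reason to fail the dependency-audit step.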

@bijin-bruno bijin-bruno merged commit 53aa9ed into usebruno:main Mar 30, 2026
12 checks passed