Sync Windows hotfix to release/bi-1.8.x

.trivyignore

@@ -4,3 +4,12 @@
 # No fix released by the author
 # https://github.com/wso2/vscode-extensions/issues/550
 CVE-2020-36851
+
+# No fix released by the author
+CVE-2025-14505
+
+# Library is used in nested dependencies and not directly used by our codebase. No fix released by the author.
+CVE-2025-69873
+
+# used in nested dependencies and not directly used by our codebase. No fix released by the author.
+CVE-2026-26996

common/autoinstallers/rush-plugins/package.json

@@ -4,6 +4,7 @@
   "private": true,
   "pnpm": {
     "overrides": {
+      "fast-xml-parser": "5.3.7"
     }
   },
   "dependencies": {

common/config/rush/.pnpmfile.cjs

@@ -76,14 +76,17 @@ module.exports = {
           pkg.dependencies['eslint'] = '^9.27.0';
         }
         if (pkg.dependencies['fast-xml-parser']) {
-          pkg.dependencies['fast-xml-parser'] = '5.3.4';
+          pkg.dependencies['fast-xml-parser'] = '5.3.7';
         }
         if (pkg.dependencies['hono']) {
           pkg.dependencies['hono'] = '^4.11.7';
         }
         if (pkg.dependencies['lodash']) {
           pkg.dependencies['lodash'] = '4.17.23';
         }
+        if (pkg.dependencies['bn.js']) {
+          pkg.dependencies['bn.js'] = '5.2.3';
+        }
       }
 
       if (pkg.devDependencies) {
@@ -140,14 +143,17 @@ module.exports = {
           pkg.devDependencies['eslint'] = '^9.27.0';
         }
         if (pkg.devDependencies['fast-xml-parser']) {
-          pkg.devDependencies['fast-xml-parser'] = '5.3.4';
+          pkg.devDependencies['fast-xml-parser'] = '5.3.7';
         }
         if (pkg.devDependencies['hono']) {
           pkg.devDependencies['hono'] = '^4.11.7';
         }
         if (pkg.devDependencies['lodash']) {
           pkg.devDependencies['lodash'] = '4.17.23';
         }
+        if (pkg.devDependencies['bn.js']) {
+          pkg.devDependencies['bn.js'] = '5.2.3';
+        }
       }
 
       return pkg;