chore(deps): bump feedsmith from 2.9.0 to 2.9.1

[dependabot]

Bumps feedsmith from 2.9.0 to 2.9.1.

Release notes

Sourced from feedsmith's releases.

v2.9.1

2.9.1 (2026-03-15)

Testing

• Add 236 real-world feed parsing tests for RSS, Atom, RDF, and JSON formats covering CDATA handling, HTML entities, namespace scoping, stop node behavior, XML comments, malformed XML resilience, and encoding edge cases (#263)

Bug Fixes

• Add missing stop nodes for all namespace elements with text content (7e8081a)
• Add namespace stop nodes to preserve CDATA markers during parsing (df93907)
• Fix Atom stop node typo, remove unused channel author stop node, add author tests (c870260)
• Fix typo in Atom stop node entry for feed.entry.source.title (5d43a44)
• Handle malformed RSS feeds with items, image, and textInput outside channel (60e4990)
• Handle prefixed RSS 1.0 elements in RDF feed parsing (c304793)
• Scope media scene stop nodes to media:scene parent (04f3b14)
• Strip XML comments from stop node text content (5720c43)
• Use Atom link text content as href when href attribute is missing (52d99d3)

Performance Improvements

• Create namespace normalizator once per feed format instead of per parse call (35191f7)

Commits

• e77883e test: Add multiple nesting levels test for OPML outlines
• 8982240 test: Refactor real-world tests to use const expected + toEqual pattern
• 798fb64 Merge pull request #265 from macieklamberski/perf/hoist-namespace-normalizator
• 35191f7 perf: Create namespace normalizator once per feed format instead of per parse...
• 647f1b0 Merge pull request #263 from macieklamberski/test/real-world-feed-suite
• 207c747 chore: Replace catalogue comments with descriptive ones in test files
• 6783593 Merge branch 'main' into test/real-world-feed-suite
• b39d826 Merge pull request #264 from macieklamberski/fix/rdf-prefixed-rss-elements
• 262c761 refactor: Extract RSS 1.0 namespace URIs to dedicated config
• c304793 fix: Handle prefixed RSS 1.0 elements in RDF feed parsing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/fast-xml-builder	1.1.3	Unknown	Unknown
npm/fast-xml-parser	5.4.2	🟢 5.9	Details Check Score Reason Code-Review ⚠️ 1 Found 4/30 approved changesets -- score normalized to 1 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 10 28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/feedsmith	2.9.1	Unknown	Unknown
npm/path-expression-matcher	1.1.3	Unknown	Unknown
npm/strnum	2.2.0	Unknown	Unknown

Scanned Files

• package-lock.json

[coveralls]

coverage: 98.734%. remained the same
when pulling ad26ff9 on dependabot/npm_and_yarn/feedsmith-2.9.1
into e1a0d2b on master.