SNOW-3043109: chore: bump fast-xml-parser to ^5

[benknoble]

The snowflake-sdk package depends on an old version of fast-xml-parser, which is vulnerable to CVE-2026-25128.

(The transitive dependency @google-cloud/storage is also vulnerable; a PR fix is available.)

Currently this requires using overrides in downstream consumers, which is not ideal.

[poman31]

your link for the google PR has a typo -> googleapis/nodejs-storage#2710
there is another PR open to update the version -> googleapis/nodejs-storage#2713

Snowflake Team: This would not be necessary if the Google SDK was a peer dependency instead of a required dependency.

[benknoble]

your link for the google PR has a typo -> googleapis/nodejs-storage#2710

Fixed, thanks.

[sfc-gh-dszmolka]

hi folks - thank you for the patience and @cjnoname for the contribution on #1252 . Bump PR approved and once its merged, will be part of the next release.

[dylanmunson-equipifi]

@sfc-gh-dszmolka thanks for the fix! I was just wondering if you knew when the next release is scheduled for?

[sfc-gh-rsavenok]

@dylanmunson-equipifi aiming to do the release today

[sfc-gh-dszmolka]

released with snowflake-sdk v2.3.4