
fix(deps): fix fast-xml-parser vulnerability#256

Open

piyushsinghgaur1 wants to merge 1 commit into master from fix/vulnerability

Conversation

@piyushsinghgaur1

fix fast-xml-parser vulnerability.

@piyushsinghgaur1 piyushsinghgaur1 self-assigned this Mar 9, 2026
@piyushsinghgaur1 piyushsinghgaur1 force-pushed the fix/vulnerability branch 3 times, most recently from cd00797 to ed848ab, March 9, 2026 08:50
fix fast-xml-parser vulnerability

@sonarqubecloud

sonarqubecloud bot commented Mar 9, 2026

SonarQube reviewer guide

Summary: Migrates Trivy vulnerability scanning from self-hosted runner with Docker container action to ubuntu-latest runner with direct binary installation, while updating AWS SDK and other dependencies.

Review Focus: The trivy.yaml workflow change replaces a containerized approach with a multi-step shell-based installation. Verify that the new Trivy installation method works reliably in CI/CD and produces equivalent results. The large package-lock.json update upgrades AWS SDK v3 from 3.917 to 3.1004 (89 patch versions) and other dependencies—ensure no breaking changes in the application code that consumes these libraries. Pay special attention to runtime requirement changes (Node.js bumped from >=18.0.0 to >=20.0.0 in many packages).

Start review at: .github/workflows/trivy.yaml. This contains the most critical behavioral change—the shift from a containerized security scanner to a system-level installation. The installation logic should be verified for correctness, idempotency, and failure handling. Additionally, confirm whether the trivy.yml configuration file is compatible with the new installed version.

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@piyushsinghgaur1 piyushsinghgaur1 marked this pull request as ready for review March 9, 2026 09:09

1 participant