Update npm package fast-xml-parser to v5.5.7 [SECURITY]

[hash-worker]

This PR contains the following updates:

Package	Change	Age	Confidence
fast-xml-parser	5.5.6 -> 5.5.7

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2026-33349

Summary

The DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in JavaScript causes the guard conditions to short-circuit, completely bypassing the limits. An attacker who can supply XML input to such an application can trigger unbounded entity expansion, leading to memory exhaustion and denial of service.

Details

The OptionsBuilder.js correctly preserves a user-supplied value of 0 using nullish coalescing (??):

// src/xmlparser/OptionsBuilder.js:111
maxEntityCount: value.maxEntityCount ?? 100,
// src/xmlparser/OptionsBuilder.js:107
maxEntitySize: value.maxEntitySize ?? 10000,

However, DocTypeReader.js uses truthy evaluation to check these limits. Because 0 is falsy in JavaScript, the entire guard expression short-circuits to false, and the limit is never enforced:

// src/xmlparser/DocTypeReader.js:30-32
if (this.options.enabled !== false &&
    this.options.maxEntityCount &&          // ← 0 is falsy, skips check
    entityCount >= this.options.maxEntityCount) {
    throw new Error(`Entity count ...`);
}

// src/xmlparser/DocTypeReader.js:128-130
if (this.options.enabled !== false &&
    this.options.maxEntitySize &&            // ← 0 is falsy, skips check
    entityValue.length > this.options.maxEntitySize) {
    throw new Error(`Entity "${entityName}" size ...`);
}

The execution flow is:

1. Developer configures processEntities: { maxEntityCount: 0, maxEntitySize: 0 } intending to block all entity definitions.
2. OptionsBuilder.normalizeProcessEntities preserves the 0 values via ?? (correct behavior).
3. Attacker supplies XML with a DOCTYPE containing many large entities.
4. DocTypeReader.readDocType evaluates this.options.maxEntityCount && ... — since 0 is falsy, the entire condition is false.
5. DocTypeReader.readEntityExp evaluates this.options.maxEntitySize && ... — same result.
6. All entity count and size limits are bypassed; entities are parsed without restriction.

PoC

const { XMLParser } = require("fast-xml-parser");

// Developer intends: "no entities allowed at all"
const parser = new XMLParser({
  processEntities: {
    enabled: true,
    maxEntityCount: 0,    // should mean "zero entities allowed"
    maxEntitySize: 0       // should mean "zero-length entities only"
  }
});

// Generate XML with many large entities
let entities = "";
for (let i = 0; i < 1000; i++) {
  entities += `<!ENTITY e${i} "${"A".repeat(100000)}">`;
}

const xml = `<?xml version="1.0"?>
<!DOCTYPE foo [
  ${entities}
]>
<foo>&e0;</foo>`;

// This should throw "Entity count exceeds maximum" but does not
try {
  const result = parser.parse(xml);
  console.log("VULNERABLE: parsed without error, entities bypassed limits");
} catch (e) {
  console.log("SAFE:", e.message);
}

// Control test: setting maxEntityCount to 1 correctly blocks
const safeParser = new XMLParser({
  processEntities: {
    enabled: true,
    maxEntityCount: 1,
    maxEntitySize: 100
  }
});

try {
  safeParser.parse(xml);
  console.log("ERROR: should have thrown");
} catch (e) {
  console.log("CONTROL:", e.message);  // "Entity count (2) exceeds maximum allowed (1)"
}

Expected output:

VULNERABLE: parsed without error, entities bypassed limits
CONTROL: Entity count (2) exceeds maximum allowed (1)

Impact

• Denial of Service: An attacker supplying crafted XML with thousands of large entity definitions can exhaust server memory in applications where the developer configured maxEntityCount: 0 or maxEntitySize: 0, intending to prohibit entities entirely.
• Security control bypass: Developers who explicitly set restrictive limits to 0 receive no protection — the opposite of their intent. This creates a false sense of security.
• Scope: Only applications that explicitly set these limits to 0 are affected. The default configuration (maxEntityCount: 100, maxEntitySize: 10000) is not vulnerable. The enabled: false option correctly disables entity processing entirely and is not affected.

Recommended Fix

Replace the truthy checks in DocTypeReader.js with explicit type checks that correctly treat 0 as a valid numeric limit:

// src/xmlparser/DocTypeReader.js:30-32 — replace:
if (this.options.enabled !== false &&
    this.options.maxEntityCount &&
    entityCount >= this.options.maxEntityCount) {

// with:
if (this.options.enabled !== false &&
    typeof this.options.maxEntityCount === 'number' &&
    entityCount >= this.options.maxEntityCount) {

// src/xmlparser/DocTypeReader.js:128-130 — replace:
if (this.options.enabled !== false &&
    this.options.maxEntitySize &&
    entityValue.length > this.options.maxEntitySize) {

// with:
if (this.options.enabled !== false &&
    typeof this.options.maxEntitySize === 'number' &&
    entityValue.length > this.options.maxEntitySize) {

Workaround

If you don't want to processed the entities, keep the processEntities flag to false instead of setting any limit to 0.

---

Release Notes

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.5.7

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - "before 4am every weekday,every weekend" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hash	Ready	Preview, Comment	Mar 20, 2026 1:59am
hashdotdesign	Ready	Preview, Comment	Mar 20, 2026 1:59am
hashdotdesign-tokens	Ready	Preview, Comment	Mar 20, 2026 1:59am
petrinaut	Ready	Preview, Comment	Mar 20, 2026 1:59am

[cursor]

PR Summary

Low Risk
Low risk dependency-only change; main concern is any behavioral change in XML parsing affecting consumers, but the update is a patch release intended to address a security issue.

Overview
Updates the Yarn resolution for fast-xml-parser from 5.5.6 to 5.5.7.

Regenerates yarn.lock accordingly, including fast-xml-parser’s transitive dependency bump of strnum to the ^2.2.0 range (locked to 2.2.1).

^{Written by Cursor Bugbot for commit 746694b. This will update automatically on new commits. Configure here.}

[augmentcode]

🤖 Augment PR Summary

Summary: Updates the npm dependency fast-xml-parser from 5.5.6 to 5.5.7 to pick up the upstream security fix for GHSA-jp2q-39xq-3w4g / CVE-2026-33349.
Changes: Bumps the pinned version in package.json (with the corresponding lockfile update) so installs resolve to the patched release.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

[codspeed-hq]

Merging this PR will not alter performance

✅ 80 untouched benchmarks

---

_{Comparing deps/js/npm-fast-xml-parser-vulnerability (746694b) with main (1512579)¹}

Footnotes

1. No successful run was found on main (618964d) during the generation of this report, so 1512579 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[github-actions]

Benchmark results

@rust/hash-graph-benches – Integrations

policy_resolution_large

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 2002	$$25.9 \mathrm{ms} \pm 173 \mathrm{μs}\left({\color{gray}-1.404 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.84 \mathrm{ms} \pm 14.2 \mathrm{μs}\left({\color{gray}-0.018 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 1001	$$11.4 \mathrm{ms} \pm 61.4 \mathrm{μs}\left({\color{gray}-0.244 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: high, policies: 3314	$$38.2 \mathrm{ms} \pm 260 \mathrm{μs}\left({\color{gray}-2.623 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: low, policies: 1	$$11.5 \mathrm{ms} \pm 72.8 \mathrm{μs}\left({\color{gray}-2.252 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: medium, policies: 1526	$$21.1 \mathrm{ms} \pm 134 \mathrm{μs}\left({\color{gray}-2.304 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 2078	$$26.7 \mathrm{ms} \pm 159 \mathrm{μs}\left({\color{gray}-3.930 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$3.08 \mathrm{ms} \pm 17.7 \mathrm{μs}\left({\color{gray}-0.867 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 1033	$$12.2 \mathrm{ms} \pm 79.6 \mathrm{μs}\left({\color{gray}-3.775 \mathrm{\%}}\right) $$	Flame Graph

policy_resolution_medium

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 102	$$3.15 \mathrm{ms} \pm 19.4 \mathrm{μs}\left({\color{gray}-0.280 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.39 \mathrm{ms} \pm 9.46 \mathrm{μs}\left({\color{gray}-1.135 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 51	$$2.73 \mathrm{ms} \pm 12.0 \mathrm{μs}\left({\color{gray}-0.276 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: high, policies: 269	$$4.37 \mathrm{ms} \pm 24.8 \mathrm{μs}\left({\color{gray}-1.427 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: low, policies: 1	$$2.91 \mathrm{ms} \pm 13.8 \mathrm{μs}\left({\color{gray}-2.051 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: medium, policies: 107	$$3.43 \mathrm{ms} \pm 18.2 \mathrm{μs}\left({\color{gray}-0.588 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 133	$$3.75 \mathrm{ms} \pm 17.3 \mathrm{μs}\left({\color{gray}0.108 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$2.82 \mathrm{ms} \pm 11.8 \mathrm{μs}\left({\color{gray}-0.073 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 63	$$3.34 \mathrm{ms} \pm 17.7 \mathrm{μs}\left({\color{gray}-0.983 \mathrm{\%}}\right) $$	Flame Graph

policy_resolution_none

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 2	$$2.20 \mathrm{ms} \pm 10.2 \mathrm{μs}\left({\color{gray}-0.491 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.18 \mathrm{ms} \pm 11.0 \mathrm{μs}\left({\color{gray}-1.376 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 1	$$2.25 \mathrm{ms} \pm 8.65 \mathrm{μs}\left({\color{gray}-0.268 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 8	$$2.44 \mathrm{ms} \pm 8.78 \mathrm{μs}\left({\color{gray}-1.495 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$2.33 \mathrm{ms} \pm 11.6 \mathrm{μs}\left({\color{gray}-0.733 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 3	$$2.52 \mathrm{ms} \pm 8.85 \mathrm{μs}\left({\color{gray}-3.427 \mathrm{\%}}\right) $$	Flame Graph

policy_resolution_small

Function	Value	Mean	Flame graphs
resolve_policies_for_actor	user: empty, selectivity: high, policies: 52	$$2.58 \mathrm{ms} \pm 10.7 \mathrm{μs}\left({\color{gray}1.34 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: low, policies: 1	$$2.33 \mathrm{ms} \pm 10.5 \mathrm{μs}\left({\color{gray}2.16 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: empty, selectivity: medium, policies: 25	$$2.45 \mathrm{ms} \pm 10.3 \mathrm{μs}\left({\color{gray}3.56 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: high, policies: 94	$$2.96 \mathrm{ms} \pm 16.1 \mathrm{μs}\left({\color{gray}3.50 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: low, policies: 1	$$2.46 \mathrm{ms} \pm 11.3 \mathrm{μs}\left({\color{gray}-0.519 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: seeded, selectivity: medium, policies: 26	$$2.75 \mathrm{ms} \pm 13.8 \mathrm{μs}\left({\color{gray}2.88 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: high, policies: 66	$$2.77 \mathrm{ms} \pm 14.5 \mathrm{μs}\left({\color{gray}-0.533 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: low, policies: 1	$$2.57 \mathrm{ms} \pm 13.4 \mathrm{μs}\left({\color{gray}3.45 \mathrm{\%}}\right) $$	Flame Graph
resolve_policies_for_actor	user: system, selectivity: medium, policies: 29	$$2.68 \mathrm{ms} \pm 14.1 \mathrm{μs}\left({\color{gray}-0.462 \mathrm{\%}}\right) $$	Flame Graph

read_scaling_complete

Function	Value	Mean	Flame graphs
entity_by_id;one_depth	1 entities	$$39.0 \mathrm{ms} \pm 176 \mathrm{μs}\left({\color{gray}0.364 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	10 entities	$$77.3 \mathrm{ms} \pm 401 \mathrm{μs}\left({\color{gray}-0.768 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	25 entities	$$42.4 \mathrm{ms} \pm 168 \mathrm{μs}\left({\color{gray}-2.969 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	5 entities	$$47.3 \mathrm{ms} \pm 195 \mathrm{μs}\left({\color{gray}-0.081 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;one_depth	50 entities	$$53.9 \mathrm{ms} \pm 291 \mathrm{μs}\left({\color{gray}0.215 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	1 entities	$$40.7 \mathrm{ms} \pm 172 \mathrm{μs}\left({\color{gray}-0.225 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	10 entities	$$419 \mathrm{ms} \pm 786 \mathrm{μs}\left({\color{gray}-3.032 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	25 entities	$$90.0 \mathrm{ms} \pm 326 \mathrm{μs}\left({\color{gray}-1.195 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	5 entities	$$90.1 \mathrm{ms} \pm 299 \mathrm{μs}\left({\color{gray}-2.166 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;two_depth	50 entities	$$258 \mathrm{ms} \pm 533 \mathrm{μs}\left({\color{lightgreen}-10.591 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	1 entities	$$16.8 \mathrm{ms} \pm 82.5 \mathrm{μs}\left({\color{gray}-2.725 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	10 entities	$$17.4 \mathrm{ms} \pm 78.6 \mathrm{μs}\left({\color{gray}-3.115 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	25 entities	$$17.4 \mathrm{ms} \pm 71.6 \mathrm{μs}\left({\color{gray}-2.420 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	5 entities	$$17.1 \mathrm{ms} \pm 117 \mathrm{μs}\left({\color{gray}-0.272 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id;zero_depth	50 entities	$$20.9 \mathrm{ms} \pm 137 \mathrm{μs}\left({\color{lightgreen}-5.076 \mathrm{\%}}\right) $$	Flame Graph

read_scaling_linkless

Function	Value	Mean	Flame graphs
entity_by_id	1 entities	$$16.9 \mathrm{ms} \pm 66.8 \mathrm{μs}\left({\color{gray}-3.784 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	10 entities	$$16.7 \mathrm{ms} \pm 72.4 \mathrm{μs}\left({\color{gray}-3.763 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	100 entities	$$16.8 \mathrm{ms} \pm 84.6 \mathrm{μs}\left({\color{gray}-4.140 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	1000 entities	$$17.2 \mathrm{ms} \pm 85.8 \mathrm{μs}\left({\color{lightgreen}-5.323 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	10000 entities	$$23.0 \mathrm{ms} \pm 181 \mathrm{μs}\left({\color{lightgreen}-5.790 \mathrm{\%}}\right) $$	Flame Graph

representative_read_entity

Function	Value	Mean	Flame graphs
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/block/v/1	$$30.6 \mathrm{ms} \pm 282 \mathrm{μs}\left({\color{gray}0.078 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/book/v/1	$$31.3 \mathrm{ms} \pm 298 \mathrm{μs}\left({\color{gray}0.136 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/building/v/1	$$30.8 \mathrm{ms} \pm 264 \mathrm{μs}\left({\color{gray}-0.939 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/organization/v/1	$$31.2 \mathrm{ms} \pm 287 \mathrm{μs}\left({\color{gray}-4.249 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/page/v/2	$$30.2 \mathrm{ms} \pm 268 \mathrm{μs}\left({\color{gray}-3.452 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/person/v/1	$$30.9 \mathrm{ms} \pm 270 \mathrm{μs}\left({\color{gray}-0.777 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/playlist/v/1	$$31.5 \mathrm{ms} \pm 304 \mathrm{μs}\left({\color{gray}-0.501 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/song/v/1	$$29.8 \mathrm{ms} \pm 320 \mathrm{μs}\left({\color{lightgreen}-5.647 \mathrm{\%}}\right) $$	Flame Graph
entity_by_id	entity type ID: https://blockprotocol.org/@alice/types/entity-type/uk-address/v/1	$$31.0 \mathrm{ms} \pm 285 \mathrm{μs}\left({\color{gray}0.428 \mathrm{\%}}\right) $$	Flame Graph

representative_read_entity_type

Function	Value	Mean	Flame graphs
get_entity_type_by_id	Account ID: bf5a9ef5-dc3b-43cf-a291-6210c0321eba	$$6.93 \mathrm{ms} \pm 29.8 \mathrm{μs}\left({\color{gray}-0.124 \mathrm{\%}}\right) $$	Flame Graph

representative_read_multiple_entities

Function	Value	Mean	Flame graphs
entity_by_property	traversal_paths=0	0	$$93.2 \mathrm{ms} \pm 369 \mathrm{μs}\left({\color{gray}2.34 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=255	1,resolve_depths=inherit:1;values:255;properties:255;links:127;link_dests:126;type:true	$$136 \mathrm{ms} \pm 476 \mathrm{μs}\left({\color{gray}1.30 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:0;link_dests:0;type:false	$$99.0 \mathrm{ms} \pm 359 \mathrm{μs}\left({\color{gray}1.74 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:1;link_dests:0;type:true	$$108 \mathrm{ms} \pm 398 \mathrm{μs}\left({\color{gray}3.50 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:2;links:1;link_dests:0;type:true	$$115 \mathrm{ms} \pm 492 \mathrm{μs}\left({\color{gray}2.52 \mathrm{\%}}\right) $$
entity_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:2;properties:2;links:1;link_dests:0;type:true	$$119 \mathrm{ms} \pm 377 \mathrm{μs}\left({\color{gray}1.64 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=0	0	$$99.3 \mathrm{ms} \pm 385 \mathrm{μs}\left({\color{gray}2.53 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=255	1,resolve_depths=inherit:1;values:255;properties:255;links:127;link_dests:126;type:true	$$121 \mathrm{ms} \pm 463 \mathrm{μs}\left({\color{gray}0.698 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:0;link_dests:0;type:false	$$105 \mathrm{ms} \pm 350 \mathrm{μs}\left({\color{gray}2.36 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:0;links:1;link_dests:0;type:true	$$111 \mathrm{ms} \pm 506 \mathrm{μs}\left({\color{gray}0.639 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:0;properties:2;links:1;link_dests:0;type:true	$$113 \mathrm{ms} \pm 424 \mathrm{μs}\left({\color{gray}0.769 \mathrm{\%}}\right) $$
link_by_source_by_property	traversal_paths=2	1,resolve_depths=inherit:0;values:2;properties:2;links:1;link_dests:0;type:true	$$113 \mathrm{ms} \pm 372 \mathrm{μs}\left({\color{gray}0.328 \mathrm{\%}}\right) $$

scenarios

Function	Value	Mean	Flame graphs
full_test	query-limited	$$126 \mathrm{ms} \pm 460 \mathrm{μs}\left({\color{gray}3.13 \mathrm{\%}}\right) $$	Flame Graph
full_test	query-unlimited	$$134 \mathrm{ms} \pm 393 \mathrm{μs}\left({\color{gray}0.960 \mathrm{\%}}\right) $$	Flame Graph
linked_queries	query-limited	$$89.9 \mathrm{ms} \pm 326 \mathrm{μs}\left({\color{gray}-0.186 \mathrm{\%}}\right) $$	Flame Graph
linked_queries	query-unlimited	$$507 \mathrm{ms} \pm 2.38 \mathrm{ms}\left({\color{gray}-4.957 \mathrm{\%}}\right) $$	Flame Graph

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.49%. Comparing base (618964d) to head (746694b).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8564      +/-   ##
==========================================
- Coverage   62.60%   62.49%   -0.11%     
==========================================
  Files        1317     1318       +1     
  Lines      133975   134209     +234     
  Branches     5517     5517              
==========================================
- Hits        83877    83876       -1     
- Misses      49183    49418     +235     
  Partials      915      915              

Flag	Coverage Δ
apps.hash-ai-worker-ts	1.40% <ø> (ø)
apps.hash-api	0.00% <ø> (ø)
blockprotocol.type-system	40.84% <ø> (ø)
local.claude-hooks	0.00% <ø> (ø)
local.harpc-client	51.24% <ø> (ø)
local.hash-graph-sdk	9.63% <ø> (ø)
local.hash-isomorphic-utils	0.00% <ø> (ø)
rust.antsi	0.00% <ø> (ø)
rust.error-stack	90.88% <ø> (ø)
rust.harpc-codec	84.70% <ø> (ø)
rust.harpc-net	96.14% <ø> (-0.02%)	⬇️
rust.harpc-tower	66.80% <ø> (ø)
rust.harpc-types	0.00% <ø> (ø)
rust.harpc-wire-protocol	92.23% <ø> (ø)
rust.hash-codec	72.76% <ø> (ø)
rust.hash-graph-api	2.52% <ø> (ø)
rust.hash-graph-authorization	62.34% <ø> (ø)
rust.hash-graph-postgres-store	26.39% <ø> (-0.34%)	⬇️
rust.hash-graph-store	37.76% <ø> (-0.13%)	⬇️
rust.hash-graph-temporal-versioning	47.95% <ø> (ø)
rust.hash-graph-types	0.00% <ø> (ø)
rust.hash-graph-validation	83.45% <ø> (ø)
rust.hashql-ast	87.23% <ø> (ø)
rust.hashql-compiletest	29.69% <ø> (ø)
rust.hashql-core	82.29% <ø> (ø)
rust.hashql-diagnostics	72.43% <ø> (ø)
rust.hashql-eval	69.13% <ø> (ø)
rust.hashql-hir	89.06% <ø> (ø)
rust.hashql-mir	92.64% <ø> (ø)
rust.hashql-syntax-jexpr	94.05% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.