Update dependency versions and test workflow configuration

[HarithaVattikuti]

Dependency updates

Updated Python test fixture dependencies in tests:

• data/requirements.txt
• data/requirements-linux.txt

Version changes:

• idna: 3.7 → 3.15
• Pygments / pygments: 2.6.1 → 2.20.0
• requests: 2.32.4 → 2.33.0
• urllib3: 2.6.3 → 2.7.0

Updated Poetry test fixture in tests:

• data/pyproject.toml

Added:

• packaging >=22.0,<26

Direct/transitive version updates include:

• fast-xml-builder: 1.1.4 → 1.2.0
• fast-xml-parser: 5.5.10 → 5.8.0
• path-expression-matcher: 1.4.0 → 1.5.0
• strnum: 2.2.3 → 2.4.0

New transitive dependencies introduced:

• @nodable/entities: 2.2.0
• anynum: 1.0.0
• xml-naming: 0.1.0

Workflow updates

Updated .github/workflows/e2e-cache.yml:

• Changed Poetry installation to inject packaging<25 via pipx inject poetry "packaging<25" after pipx install poetry

Updated .github/workflows/test-pypy.yml:

• Replaced pypy-3.10-nightly with pypy-3.11-nightly
• Updated the PyPy matrix entry from pypy3.10-nightly to pypy3.11-nightly

Also updated the corresponding license metadata under .licenses/npm/ for the added and bumped packages.

[Copilot]

Pull request overview

Updates dependency versions used by test fixtures and refreshes the repo’s generated/locked artifacts and CI workflows accordingly.

Changes:

• Bump npm transitive deps related to fast-xml-parser (and update package-lock.json plus bundled dist/ outputs).
• Update Python test fixture pins in __tests__/data/requirements*.txt and add packaging constraint to the Poetry fixture.
• Adjust CI workflows (Poetry install workaround via pipx inject, and switch PyPy nightly to 3.11) and update npm license metadata entries.

Reviewed changes

Copilot reviewed 12 out of 15 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
package-lock.json	Updates locked npm dependency graph (adds new transitive deps and bumps XML-related packages).
dist/setup/index.js	Regenerated bundle reflecting updated npm deps.
dist/cache-save/index.js	Regenerated bundle reflecting updated npm deps.
.licenses/npm/xml-naming.dep.yml	Adds license metadata for new transitive dependency xml-naming.
.licenses/npm/anynum.dep.yml	Adds license metadata for new transitive dependency anynum.
.licenses/npm/@nodable/entities.dep.yml	Adds license metadata for new transitive dependency @nodable/entities.
.licenses/npm/strnum.dep.yml	Updates license metadata version for strnum.
.licenses/npm/path-expression-matcher.dep.yml	Updates license metadata version for path-expression-matcher.
.licenses/npm/fast-xml-parser.dep.yml	Updates license metadata version for fast-xml-parser.
.licenses/npm/fast-xml-builder.dep.yml	Updates license metadata version for fast-xml-builder.
.github/workflows/test-pypy.yml	Switches nightly PyPy testing from 3.10 to 3.11 in matrices.
.github/workflows/e2e-cache.yml	Changes Poetry installation to inject packaging<25 into the pipx-installed Poetry environment.
tests/data/requirements.txt	Bumps pinned test fixture deps (idna/pygments/requests/urllib3).
tests/data/requirements-linux.txt	Bumps pinned linux test fixture deps (idna/Pygments/requests/urllib3).
tests/data/pyproject.toml	Adds packaging constraint to Poetry test fixture dependencies.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.