Bump fast-xml-parser and musicxml-io

[dependabot]

Removes fast-xml-parser. It's no longer used after updating ancestor dependency musicxml-io. These dependencies need to be updated together.

Removes fast-xml-parser

Updates musicxml-io from 0.1.0 to 0.5.6

Release notes

Sourced from musicxml-io's releases.

Release v0.5.6

• fix: throw helpful error when parse() receives a NUL-byte string (misread UTF-16)
• fix: strip XML 1.0 forbidden control characters from parsed text nodes
• chore(deps-dev): bump eslint from 10.1.0 to 10.2.0
• chore(deps-dev): bump @​types/node from 20.19.27 to 25.6.0
• chore(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.58.1
• Add codeql and dependabot

Release v0.5.5

• Make parse() accept Uint8Array/Buffer and recover from NUL-byte strings

Release v0.5.4

• Add UTF-16 XML support for parseFile, decodeBuffer, and parseAuto

Release v0.5.3

• Guard PIs

Release v0.5.2

• Speedup

Release v0.5.1

• Update
• Remove publish workflow — npm publish is done locally

Release v0.5.0

Full Changelog: tan-z-tan/musicxml-io@v0.4.0...v0.5.0

Release v0.4.0

Full Changelog: tan-z-tan/musicxml-io@v0.3.10...v0.4.0

Release v0.3.10

• Fix missing and noteType recalculation after broken rhythm

Release v0.3.9

• feat: add _id field to MeasureAttributes for source element tracking

Release v0.3.8

• fix: preserve leading/trailing whitespace in credit-words and direction words

Release v0.3.7

• Add print-object attribute support for metronome direction type

Release v0.3.6

• docs: add changelog entry for mid-measure attributes fix
• fix: put mid-measure attributes into entries instead of measure.attributes

Release v0.3.5

• fix: change voice type from number to string per MusicXML spec

Release v0.3.4

... (truncated)

Changelog

Sourced from musicxml-io's changelog.

Changelog

[0.3.6] - 2025-02-25

Fixed

• First <attributes> in a measure was always stored in measure.attributes, even when preceded by <note> elements
  • Now correctly placed as AttributesEntry in entries array when notes appear before it
  • getClefChanges() and similar queries now report correct position for mid-measure attribute changes

[0.3.3] - 2025-02-17

Added

• ABC notation format support with full bidirectional conversion
  • parseAbc(abcString) — Parse ABC notation into Score
  • serializeAbc(score, options?) — Serialize Score to ABC notation
  • parseAuto() now auto-detects ABC format
• ABC → Score → ABC round-trip with high fidelity (42 test fixtures passing)
• ABC → MusicXML → ABC round-trip with musical content preservation
• ABC parser supports:
  • Header fields (X:, T:, C:, M:, L:, Q:, K:, V:, w:, R:, S:, N:, etc.)
  • Notes with pitches, octaves, accidentals, durations, rests
  • Barlines, repeats, and volta endings
  • Chord symbols, simultaneous chords ([CEG])
  • Ties, slurs, grace notes, tuplets
  • Dynamics (20+ values)
  • Lyrics (w: field with syllable alignment)
  • Multi-voice (V: field with interleaving)
  • Inline fields ([V:], [L:], [K:] mid-tune changes)
  • %% directives and comments preservation
• ABC serializer options: referenceNumber, notesPerLine, includeChordSymbols, includeDynamics, includeLyrics
• 42 ABC test fixtures covering basic features, intermediate features, and complex real-world tunes (Bach, Irish traditional, folk songs)

[0.3.2] - 2025-01-xx

Added

• MIDI export (exportMidi)
• Score validation (validate, isValid, assertValid)

[0.3.0] - 2025-01-xx

Added

• Operations API (transpose, addNote, changeKey, etc.)
• Query API (getAllNotes, findNotes, getMeasure, etc.)
• Entry-level accessors (isRest, isPitchedNote, hasTie, etc.)
• Unique element IDs with _id property
• Tree-shaking support via subpath exports

[0.2.0] - 2024-xx-xx

Added

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.