Closed
Description
Our version of expat hasn't been updated in over a year, and is once again being flagged by security analysis tools. Based on discussion in #91384 it sounds like this is probably not an actual security issue the way we're using it (unless something has changed about our usage), but we should still roll it forward again.
(/cc @Hixie @jason-simmons @zanderso who were in involved in the previous roll, but I can drive this if there's not a better candidate.)