Skip to content

Update dependency html-loader to v1#44

Open
dev-mend-for-github-com[bot] wants to merge 1 commit intotrunkfrom
whitesource-remediate/html-loader-1.x
Open

Update dependency html-loader to v1#44
dev-mend-for-github-com[bot] wants to merge 1 commit intotrunkfrom
whitesource-remediate/html-loader-1.x

Conversation

@dev-mend-for-github-com
Copy link
Copy Markdown

@dev-mend-for-github-com dev-mend-for-github-com bot commented Jan 14, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
html-loader devDependencies major 0.5.51.0.0
html-loader dependencies major 0.5.51.0.0

By merging this PR, the issue #2 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
Critical Critical 9.8 CVE-2021-44906

Release Notes

webpack-contrib/html-loader (html-loader)

v1.0.0

Compare Source

⚠ BREAKING CHANGES
  • for parsing HTML now we use htmlparser2 package
  • the attrs option was renamed to the attributes option
  • the interpolate option was removed, please consider migration on the preprocessor
  • the minimize option is true by default in production mode. You need to list all options for html-minifier if you use object notation.
  • uppercase tags and uppercase attributes are handled by default
  • the root option was moved under the attributes option, please look at the documentation
  • emit an error on broken HTML syntax when minimization is enabled
  • By default, now we process the following tags with attributes:
    • the src attribute of the audio tag
    • the src attribute of the embed tag
    • the src attribute of the img tag
    • the srcset attribute of the img tag
    • the src attribute of the input tag
    • the href attribute of the link tag (only for stylesheets)
    • the data attribute of the object tag
    • the src attribute of the script tag
    • the src attribute of the source tag
    • the srcset attribute of the source tag
    • the src attribute of the track tag
    • the poster attribute of the video tag
    • the src attribute of the video tag
  • the attributes option should be Boolean or Object, please look at the documentation
  • the exportAsDefault option were removed in favor the esModules option
  • the exportAsEs6Default option were removed in favor the esModules option
Features
  • handle more tags and attributes
  • added the preprocessor option
  • added the esModule option
  • add the rulFilter option for filtering some of urls, please look at the documentation
  • allow to setup how to handle and filter tags and attributes, please look at the documentation
  • improve error reporting
Bug Fixes
  • adding quotes when necessary for unquoted sources
  • do not handle empty attributes
  • escape \u2028 and \u2029 characters
  • handle only valid srcset tags
  • parser tags and attributes according spec
  • reduce import/require count
  • reduce size of generated modules
  • respect #hash in sources
  • support ES6 syntax in script tags when minimize
  • support ES6 import of urls
  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github-com dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Jan 14, 2025
@dev-mend-for-github-com
Copy link
Copy Markdown
Author

dev-mend-for-github-com bot commented Jan 14, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: src/Administration/Resources/app/administration/package-lock.json
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: @vue/server-renderer@3.3.4
npm WARN Found: vue@3.3.4
npm WARN node_modules/vue3/node_modules/vue
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer overridden vue@"2.7.14" (was "3.3.4") from @vue/server-renderer@3.3.4
npm WARN node_modules/vue3/node_modules/@vue/server-renderer
npm WARN   @vue/server-renderer@"3.3.4" from vue3@3.3.4
npm WARN   node_modules/vue3
npm WARN   1 more (vue)
npm ERR! code EBADENGINE
npm ERR! engine Unsupported engine
npm ERR! engine Not compatible with your version of node/npm: administration@1.0.0
npm ERR! notsup Not compatible with your version of node/npm: administration@1.0.0
npm ERR! notsup Required: {"node":"^18.0.0 || ^19.0.0 || ^20.0.0","npm":"^8.0.0 || ^9.0.0 || ^10.0.0"}
npm ERR! notsup Actual:   {"npm":"9.9.4","node":"v22.12.0"}

npm ERR! A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2025-01-14T09_10_41_275Z-debug-0.log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants