Update sanitize-html from 2.1.0 to 2.12.1 fails. Module parse failed: Unexpected token. #663
Comments
Two comments:
|
Can you provide better steps to replicate the error? Again, there isn't a build script. |
As stated here, the issue (I'm having the same one) is your webpack version. |
Thanks @Insomniak313! - I thought it was something with the version of htmlparser2. |
I am using Updating Node.js or Webpack is not possible for us on all environments, or restructuring our backend for that matter. Webpack 5 behaves badly with circular imports (our project has over 500 of these) while Webpack 4 just chews 'em all good and produces a working bundle. What works currently is locking this module using "sanitize-html": "~2.7.3" on the package.json dependencies, then I manually apply commit c5dbdf7 using patch-package to get rid of the security vulnerability. I was comparing the source code of the project and not much changed. So another solution might be to force at the My two cents. Alternatively just make a version 2.7.4 with the security patch. Thank you. |
Could this issue be fixed by bumping htmlparser2 to 9.0.0 or 9.1.0? |
Ran into the same issue, downgrading to 2.1.0 for now helped (as we are stuck on Node 16 for the time being). Problem is not present when using a higher version of Node/Webpacker, and in our branch with upgraded Node/Webpacker version it works fine with 2.12.1. |
@adamreisnz read my comment #663 (comment)
Using earlier versions will make you vulnerable to exploits. |
Am aware, but as I said we have no choice as stuck on Node 16 for a while longer.
On Sat, 9 Nov 2024, 00:45 Jorge Oliveira wrote:
> @adamreisnz read my comment #663 (comment)
> What works currently is locking this module using "sanitize-html": "~2.7.3" on the package.json dependencies, then I manually apply commit c5dbdf7 using patch-package <https://www.npmjs.com/package/patch-package> to get rid of the security vulnerability.
> Using earlier versions will make you vulnerable to exploits.
|
Version 2.7.3 works on node.js 16 (runs as far back as node.js 12). Use this instead of 2.1.0 if you can. #663 (comment) |
Thanks, I'll check it out.
On Sat, 9 Nov 2024, 07:13 Jorge Oliveira wrote:
> Version 2.7.3 works on node.js 16 (runs as far back as node.js 12). Use this instead of 2.1.0 if you can. #663 (comment)
|
Ended up using DOMPurify, as we were also running into #639 in the latest version using Vite. |