Skip to content

chore(deps): update dependency htmlparser2 to v12#286

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/htmlparser2-12.x
Open

chore(deps): update dependency htmlparser2 to v12#286
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/htmlparser2-12.x

Conversation

@renovate

@renovate renovate Bot commented Mar 23, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
htmlparser2 ^10.0.0^12.0.0 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

fb55/htmlparser2 (htmlparser2)

v12.0.0

Compare Source

What's Changed

This release aligns HTML parsing with the WHATWG spec Almost all changes are to HTML mode only — XML mode is unaffected unless noted.

Raw-text & RCDATA tags

  • <iframe>, <noembed>, <noframes>, and <plaintext> are now raw-text tags, their content is no longer parsed as HTML
  • <textarea> now decodes entities like <title> already did
  • Self-closing <script/>, <style/>, etc. now enter their raw-text state (the / is ignored per spec) unless recognizeSelfClosing is enabled

SVG & MathML

  • Tag names inside <svg> are case-adjusted per spec (foreignObject, clipPath, etc.)
  • CDATA sections inside foreign content are treated as text
  • Special-tag detection is disabled inside foreign content
  • Stray </svg> / </math> no longer corrupt the parser's context tracking

Comments & declarations

  • <!-->, <!--->, <!->, <!> now parse as valid comments per spec
  • <?…> and non-DOCTYPE <!…> in HTML mode emit bogus comments instead of being silently dropped
  • <!DOCTYPEhtml> (no space) is recognized as a DOCTYPE
  • Unclosed comments, <!DOCTYPE, <?…, <![CDATA[… at EOF emit the correct token type

Implicit open/close

  • <h1><h6> implicitly close other headings
  • <a> closes a previous <a>
  • Nested <form> is ignored when one is already open
  • <image> is rewritten to <img> outside foreign content
  • </> is silently ignored instead of emitted as text

Other fixes

  • Fixed reset() not clearing attribute state, which could leak data across parseComplete() calls

#​2387

Full Changelog: fb55/htmlparser2@v11.0.0...v12.0.0

v11.0.0

Compare Source

Breaking Changes

  • The module is now ESM only #​2381
    • CommonJS require() is not supported in legacy environment anymore. Use import instead.
    • The minimum Node.js version is now 20.19.0.
  • Dependencies have been bumped to their latest major versions: domhandler v6, domutils v4, domelementtype v3, entities v8.

Features

  • Added WebWritableStream for the Web Streams API, enabling direct piping from fetch() response bodies into the parser #​2376

Bug Fixes

  • Comments now accept --!> as a closing sequence per the HTML spec, and <!--> is recognized as an empty comment in HTML mode #​2382
  • XML processing instructions (<?xml ... ?>) now require the full ?> closing sequence instead of just > #​2382
  • Fixed reset() not clearing isSpecial and sequenceIndex state, which could cause incorrect parsing after reuse #​2382
  • Fixed XML comment parsing: <!--> is no longer treated as a complete comment in xmlMode #​2383

Other Changes

  • Expanded README with full API reference, parser options, events, and practical examples #​2384

New Contributors

Full Changelog: fb55/htmlparser2@v10.1.0...v11.0.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security

socket-security Bot commented Mar 23, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedhtmlparser2@​12.0.010010010082100

View full report

@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch from 51d9ebe to 67a23d2 Compare April 1, 2026 19:20
@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch from 67a23d2 to ced1582 Compare April 8, 2026 20:54
@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch from ced1582 to 5215743 Compare April 20, 2026 05:56
@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch from 5215743 to f070c95 Compare May 7, 2026 21:24
@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch from f070c95 to 63d67bc Compare May 18, 2026 10:03
@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch 2 times, most recently from e368cf8 to 2e701d7 Compare June 1, 2026 20:20
@renovate renovate Bot force-pushed the renovate/htmlparser2-12.x branch from 2e701d7 to f621cc5 Compare June 11, 2026 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants