schwarzdavid / bootstrap-email Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Getting an error
...node_modules/bootstrap-email/src/assets/bootstrap-email.scss: no such file or directory
The file is definitely there.
Running on Mac M1
Not sure what the issue is, but cannot get any examples to work at all...
TypeError: Cannot use 'in' operator to search for 'length' in false
at initialize (/Users/gslender/Documents/Development/web_test/node_modules/cheerio/lib/load.js:105:28)
at Function.unwrap (/Users/gslender/Documents/Development/web_test/node_modules/bootstrap-email/src/lib/ElementHelper.js:100:26)
at Element.<anonymous> (/Users/gslender/Documents/Development/web_test/node_modules/bootstrap-email/src/lib/ContentCompiler.js:63:19)
at LoadedCheerio.each (/Users/gslender/Documents/Development/web_test/node_modules/cheerio/lib/api/traversing.js:519:26)
at ContentCompiler.div (/Users/gslender/Documents/Development/web_test/node_modules/bootstrap-email/src/lib/ContentCompiler.js:59:12)
at BootstrapEmail._compileHtml (/Users/gslender/Documents/Development/web_test/node_modules/bootstrap-email/src/BootstrapEmail.js:271:20)
at BootstrapEmail.compile (/Users/gslender/Documents/Development/web_test/node_modules/bootstrap-email/src/BootstrapEmail.js:191:8)
at BootstrapEmail.compileAndSave (/Users/gslender/Documents/Development/web_test/node_modules/bootstrap-email/src/BootstrapEmail.js:205:24)
at Object.<anonymous> (/Users/gslender/Documents/Development/web_test/test.js:31:16)
at Module._compile (node:internal/modules/cjs/loader:1105:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
at Module.load (node:internal/modules/cjs/loader:981:32)
at Module._load (node:internal/modules/cjs/loader:827:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12)
at node:internal/main/run_main_module:17:47
Node.js v18.0.0
I'm getting a lot of vulnerabilities when installing the latest version. I tried npm audit fix
but this didn't help.
ejs <3.1.7
Severity: high
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
bootstrap-email *
Depends on vulnerable versions of ejs
node_modules/bootstrap-email
nth-check <2.0.1
Severity: moderate
Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr
fix available via `npm audit fix`
node_modules/juice/node_modules/nth-check
css-select <=3.1.0
Depends on vulnerable versions of nth-check
node_modules/juice/node_modules/css-select
cheerio 0.19.0 - 1.0.0-rc.3
Depends on vulnerable versions of css-select
node_modules/juice/node_modules/cheerio
juice 1.3.4 - 6.0.0
Depends on vulnerable versions of cheerio
node_modules/juice
6 vulnerabilities (4 moderate, 2 high)
node version 16.14.0
npm version 8.3.1
Hello,
Looks like bootstrap-email is using vulnerable version of ejs. Could you please update?
yarn list --pattern bootstrap-email
yarn list v1.22.19
└─ [email protected]
Package
Affected versions
Patched version
ejs
(npm)
< 3.1.7
3.1.7
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Due to the latest changes in Cheerio - at least the version used in [email protected]
- we're having troubles when compiling single/multiple templates.
Environment
Expected behavior
new BootstrapEmail("foobar.html").compile()
// should return a compiled template string
Current behavior
new BootstrapEmail("foobar.html").compile()
// cheerio is not a function
The fix should be quite trivial, i.e. calling .default
when requiring cheerio
.
Related PRs
This has been addressed twice in the following PRs:
Hello,
I get this critical vulnerability reported by npm audit after installing the bootstrap-email package:
Critical ejs template injection vulnerability
Package ejs
Patched in >=3.1.7
Dependency of bootstrap-email
Path bootstrap-email > ejs
More info GHSA-phwq-j96m-2c2q
I got EJS updated to the latest version (3.1.9), but also tried 3.1.7 without success.
Can you help me to solve this issue?
Thanks for your reply and help in advance!
Hello,
Some how, the compiler removes from the source the background -color inline style, it not preserved it in the output result,
Any ideas how to sole this?
Thanks in advance,
Doron
TypeError: cheerio is not a function
at Function.wrapContent (c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\node_modules\bootstrap-email\src\lib\ElementHelper.js:48:20)
at ContentCompiler.body (c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\node_modules\bootstrap-email\src\lib\ContentCompiler.js:265:17)
at BootstrapEmail._compileHtml (c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\node_modules\bootstrap-email\src\BootstrapEmail.js:235:20)
at BootstrapEmail.compile (c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\node_modules\bootstrap-email\src\BootstrapEmail.js:190:8)
at BootstrapEmail.compileAndSave (c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\node_modules\bootstrap-email\src\BootstrapEmail.js:203:24)
at c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\ts-build\src\assets\_emails\index.js:15:23
at Array.forEach (<anonymous>)
at c:\Users\ruper\Documents\Code\ReactTypescript\abcteam\abcteam_library_backend\ts-build\src\assets\_emails\index.js:11:122
at FSReqCallback.oncomplete (fs.js:180:23)
Installation fails on dependency [email protected]
I have a preview tag with over 100 chars (116 exactly) and I'm facing this issue
node_modules/bootstrap-email/lib/BootstrapEmail.js:513
preview.html(content + ' '.repeat(100 - content.length));
I think a control should be done to avoid negative count on this operation 100 - content.length
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.