chore(deps): bump mjml from 4.18.0 to 5.0.0

[dependabot]

Bumps mjml from 4.18.0 to 5.0.0.

Release notes

Sourced from mjml's releases.

v5.0.0

Upgrade Guide

These are the changes users need to actively consider when upgrading to MJML 5.x.x from MJML 4.x (and early MJML 5 alphas):

Highlights

• Replaced legacy html-minifier and js-beautify with htmlnano + cssnano. [breaking change]
• Added templating syntax sanitization (runs before PostCSS and is restored afterwards)
• Safer, stricter handling of mj-include and ignoreIncludes [breaking change]
• Restructured outer HTML: the <body> tag is now driven by mj-body, not the global skeleton. [breaking change]
• mjml-browser build/minification pipeline updated
• Better attribute consistency across components (including more flexible border-radius). [breaking change]
• Migration helper removed [breaking change]
• Updated toolchain: Node 20/22/24 in CI. Removed Node 16/18 [breaking change]

---

HTML/CSS minification & formatting

What changed

• HTML minification now uses htmlnano instead of html-minifier.
• CSS minification now uses cssnano presets wired via mjml-core.
• Minification options can be added via .mjmlconfig.js

Impact [potential breaking changes]

• Generated HTML is more aggressively minified. If you rely on exact formatting (e.g. diffing raw HTML, parsing by regex, or checking snapshots), you may see changes.
• Some obscure html-minifier specific options used in custom tooling will no longer apply; options are now expressed as htmlnano/cssnano configs.
• Template tags may error in PostCSS (see Template syntax handling and sanitization below)
• Fixes this issue: mjmlio/mjml#2589

What to do

• Review any automation that assumes pretty‑printed HTML (tests, diffs, CI snapshot comparisons).
• If you previously passed minify/beautify flags or custom minifier options, re‑map them to the new htmlnano/cssnano config.

Notes

• cssnano uses lite preset by default. Due to this issue: mjmlio/mjml#2919. default preset can be used if your fonts don’t contain numerals

More detail: (mjmlio/mjml#2858)

---

Template syntax handling and sanitization (PostCSS)

What changed

• Template syntax (e.g. {{ }}) is now sanitized before PostCSS and with syntax restored post-processing.

Impact

• A CssSyntaxError error will occur when applying CSS minification to files with some template syntax
• Fixes this issue: mjmlio/mjml#2858

... (truncated)

Commits

• ddb2335 v5.0.0
• 9aac8c6 v5.0.0-beta.2
• 1dfbc95 v5.0.0-beta.1
• 65e81da v5.0.0-alpha.11
• 74f3577 Merge pull request #3045 from mjmlio/bugfix/3018-mjml5-ignoreIncludes-allowIn...
• b8e6a60 Merge pull request #3044 from mjmlio/bugfix/attributes-adding-updating-for-co...
• 2eb56d7 feature(includes): implemented tighter controls
• 591fd1e bugfix(ignoreIncludes): updated test files
• 6b22a67 feature(ignoreIncludes): added option for includePath
• 9b7991f bugfix(border-radius): accept string input
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.