antfu-collective / vite-ssg

Static site generation for Vue 3 on Vite
MIT License

html-minifier high security vulnerability #397

Open grybykm opened 2 months ago

grybykm commented 2 months ago
```
# npm audit report

html-minifier  *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m

node_modules/html-minifier
  vite-ssg  >=0.5.0
  Depends on vulnerable versions of html-minifier
  node_modules/vite-ssg
```
mattboll commented 1 month ago

Hi, Kangax html-minifier has had no update on npm for 5 years. In this issue https://github.com/kangax/html-minifier/issues/1135 some people recommend using a fork: https://www.npmjs.com/package/html-minifier-terser

whoiscadenyoung commented 1 month ago

How would you go about swapping these if using NPM, since it's a dependency for a dependency?

oberocks commented 1 month ago

> Hi, Kangax html-minifier has had no update on npm for 5 years. In this issue kangax/html-minifier#1135 some people recommend using a fork: https://www.npmjs.com/package/html-minifier-terser

Exactly! Thank you as I was swinging by here to bring over this comment link:

https://github.com/kangax/html-minifier/issues/1135#issuecomment-2110516434

I think this might have to be solved by switching the deps in this project. I'm not sure how to do that yet though, as antfu uses/used a different environment that I don't work with much as an old schooler... so I never really got over the initial learning curve to even try and help out with this project constructively. :(

If anyone can send me a tut link for this flavor of a local development stack used here in vite-ssg, I can try to carve out an afternoon to finally wrap my head around it and then take a stab at swapping out the vulnerable dep for the html-minifier-terser one that's being maintained more.

Otherwise, cheers and happy hacking, everyone!

oberocks commented 1 month ago

> How would you go about swapping these if using NPM, since it's a dependency for a dependency?

The first thing to try in a downstream repo dependent on this repo, would probably be this approach:

https://docs.npmjs.com/cli/v9/configuring-npm/package-json#overrides

Note, I have not tried that yet though. But this would be the path of least resistance, theoretically. cheers!
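As an added illustration of the `overrides` approach linked above (this is not code from the thread or from the vite-ssg project), a downstream `package.json` could redirect the transitive `html-minifier` dependency to the maintained fork. This assumes the installed npm supports `overrides` (npm 8.3 or later) and accepts an `npm:` alias spec as the override value; the version range `^7.2.0` for `html-minifier-terser` is an assumed placeholder, and the `vite-ssg` version shown is illustrative.

```json
{
  "name": "my-site",
  "private": true,
  "devDependencies": {
    "vite-ssg": "^0.23.0"
  },
  "overrides": {
    "html-minifier": "npm:html-minifier-terser@^7.2.0"
  }
}
```

After changing the file, run `npm install` and then `npm ls html-minifier` to confirm the alias resolved, and `npm audit` to confirm the advisory no longer appears. One caveat worth checking before relying on this: the fork's `minify()` returns a Promise in newer major versions, whereas the original `html-minifier` is synchronous, so a consumer that calls it synchronously may need a code change rather than a pure dependency swap.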

NicolasMelin commented 1 month ago

I also have this problem. Do you know if it's planned to resolve this problem in the vite-ssg module?