Closed timbomckay closed 3 months ago
The html-minifier package hasn't been updated for nearly 4 years and has a ReDoS vulnerability. Terser has forked the repo and is actively maintaining it under html-minifier-terser.
Can this get updated to use the maintained package from Terser?
To anyone stumbling upon this issue, I did discover minify-literals is using the newly maintained terser dependency, along with a rollup plugin.
Closing as fixed in #57