asyncLiz / minify-html-literals

Minify HTML template literal strings
MIT License
68 stars 13 forks

Update to Terser to Resolve ReDoS Vulnerability #52

Closed timbomckay closed 3 months ago

timbomckay commented 1 year ago

The html-minifier package hasn't been updated for nearly 4 years and has a ReDoS vulnerability. Terser has forked the repo and is actively maintaining it under html-minifier-terser.

Can this get updated to use the maintained package from Terser?

timbomckay commented 1 year ago

To anyone stumbling upon this issue, I did discover minify-literals is using the newly maintained terser dependency, along with a rollup plugin.

asyncLiz commented 3 months ago

Closing as fixed in #57