This pull requests aims to address CVE-2022-37620, caused by html-minifier, by replacing the dependency with html-minifier-terser, an "actively maintained fork of html-minifier" by terser.
One last thing to mention, there is one failing test, "fails to minify static html templates", although this test is failing before changes, so I wasn't sure what the expected result was. 😅
This pull requests aims to address CVE-2022-37620, caused by html-minifier, by replacing the dependency with html-minifier-terser, an "actively maintained fork of html-minifier" by terser.
This would close the following issues:
As
minify
within html-minifier-terser is asynchronous, this would be considered a breaking change.I have also reviewed rollup-plugin-minify-html-literals to ensure this would be okay, and thankfully the
transform
function is marked as async in rollup's documentation, which means promises are supported.One last thing to mention, there is one failing test, "fails to minify static html templates", although this test is failing before changes, so I wasn't sure what the expected result was. 😅
Happy to make any changes based on feedback!