Hello, our security check has found a high severity vulnerability in html-minifier, which is a dependency of mjml.
Dependency hierarchy:
  mjml-4.13.0.tgz (Root Library)
    mjml-cli-4.13.0.tgz
      ❌ html-minifier-4.0.0.tgz (Vulnerable Library)
Vulnerability description:
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js.
Here is a link to a similar issue in html-minifier. It does not seem to be worked on.
https://github.com/kangax/html-minifier/issues/1135
Can you update your repository to get rid of this vulnerability?