minify-html-literals

Update to Terser to Resolve ReDoS Vulnerability

Open timbomckay opened this issue 2 years ago • 1 comments

The html-minifier package hasn't been updated for nearly 4 years and has a ReDoS vulnerability. Terser has forked the repo and is actively maintaining it under html-minifier-terser.

Can this get updated to use the maintained package from Terser?

timbomckay, Apr 10 '23 17:04

To anyone stumbling upon this issue, I did discover minify-literals is using the newly maintained terser dependency, along with a rollup plugin.

timbomckay, Apr 11 '23 14:04

Closing as fixed in #57

asyncliz, Aug 13 '24 17:08