html-webpack-plugin

Update version of html-minifier-terser dependency

Open bradentg opened this issue 2 years ago • 4 comments

The current version of html-minifier-terser depends on an outdated version of terser that is vulnerable to ReDoS. [email protected] depends on terser ^5.14.2, which addresses the vulnerability.

bradentg avatar Aug 31 '22 22:08 bradentg

Can we get this security vulnerability fix released?

nksfrank avatar Sep 13 '22 19:09 nksfrank

Would be great if @jantimon or @mastilver could take a look so this vulnerability fix can be merged and released. Thank you!

hawkril avatar Sep 19 '22 05:09 hawkril

I have solved this issue. There is some cached code in the lock file. Remove the lock file and node_modules, then install them again and compare the lock files. FYI: https://github.com/webpack/webpack/issues/16306#issuecomment-1290527482

imki123 avatar Oct 26 '22 00:10 imki123

Any updates? Still getting dependabot vulnerability alerts because of this dependency :(

boroth avatar Mar 22 '24 15:03 boroth