express-minify-html

Update lodash.merge to 4.6.2 to resolve security vulnerability

Open meszaros-lajos-gyorgy opened this issue 5 years ago • 7 comments

Hi!

The guys at npm found a security vulnerability with lodash, which was fixed in 4.6.2:

image

meszaros-lajos-gyorgy avatar Jul 17 '19 08:07 meszaros-lajos-gyorgy

Last commit was in 2017. This project is dead as dirt. Go ahead and fork it, publish a new package name on NPM.

mcandre avatar Jul 18 '19 16:07 mcandre

Linking pull request, which would solve this issue: https://github.com/melonmanchan/express-minify-html/pull/17

meszaros-lajos-gyorgy avatar Jul 19 '19 15:07 meszaros-lajos-gyorgy

@mcandre: Well, the author's last activity was in early April this year, so I assume you are right. I do prefer to wait a bit more to see if the author checks GitHub. Also, there are already 11 forks of the repo. Are there any candidates for the replacement of the main repo?

meszaros-lajos-gyorgy avatar Jul 19 '19 15:07 meszaros-lajos-gyorgy

I've checked all forks and most of them are either behind/even with master or contain dependency version updates. If someone is to publish a fork of this repo, they should also add the other pull request which checks for html validation failure. I'm happy to publish a fork of this, but what should its name be? express-minify-html-2?

meszaros-lajos-gyorgy avatar Jul 19 '19 17:07 meszaros-lajos-gyorgy

express-minify-html-2 is out live: https://www.npmjs.com/package/express-minify-html-2

meszaros-lajos-gyorgy avatar Jul 19 '19 17:07 meszaros-lajos-gyorgy

Thanks for taking care of this and for putting the cat into the sock :)

m-majetic avatar Jul 20 '19 15:07 m-majetic

Thanks, helped!

ryanlelek avatar Aug 10 '19 21:08 ryanlelek