npm audit: html-minifier
pascalgrimaud opened this issue
Pascal Grimaud commented
In the current version v1.9.0, there are several warnings.
I don't know if we can do something.
Any idea @Gnuk ?
➜ npm audit
# npm audit report
html-minifier *
Severity: high
kangax html-minifier REDoS vulnerability - https://github.com/advisories/GHSA-pfq8-rq6v-vf5m
No fix available
node_modules/html-minifier
html2pug >=0.0.1
Depends on vulnerable versions of html-minifier
node_modules/html2pug
@tikui/core *
Depends on vulnerable versions of html2pug
node_modules/@tikui/core
3 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
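The three high-severity entries in the report above all trace back to one advisory reached through a chain of dependents. As an added example (not from this thread or from npm), the script below collapses `npm audit --json` output into advisories and the chains that pull them in; the sample report is constructed from the package names above, and treating @tikui/core as a direct dependency is an assumption.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// trimmed to the fields used here. Package names and advisory URL are from the
// report above; isDirect: true for @tikui/core is an assumption.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "html-minifier": {
      name: "html-minifier", severity: "high", isDirect: false,
      via: [{ title: "kangax html-minifier REDoS vulnerability", severity: "high",
              url: "https://github.com/advisories/GHSA-pfq8-rq6v-vf5m" }],
      effects: ["html2pug"], fixAvailable: false },
    "html2pug": {
      name: "html2pug", severity: "high", isDirect: false,
      via: ["html-minifier"], effects: ["@tikui/core"], fixAvailable: false },
    "@tikui/core": {
      name: "@tikui/core", severity: "high", isDirect: true,
      via: ["html2pug"], effects: [], fixAvailable: false },
  },
};

// Return one record per real advisory, with every chain of dependents that
// pulls the vulnerable package in and the direct dependencies at the chain ends.
function traceAdvisories(report) {
  const vulns = report.vulnerabilities || {};
  const records = [];
  for (const entry of Object.values(vulns)) {
    // Objects in `via` are advisories; strings only point at another package.
    for (const adv of entry.via.filter((v) => typeof v === "object")) {
      const chains = [];
      const walk = (name, path) => {
        const effects = (vulns[name] && vulns[name].effects) || [];
        const next = effects.filter((e) => !path.includes(e)); // cycle guard
        if (next.length === 0) chains.push(path);
        for (const e of next) walk(e, [...path, e]);
      };
      walk(entry.name, [entry.name]);
      const ends = chains.map((c) => c[c.length - 1]);
      const direct = [...new Set(ends)].filter((n) => vulns[n] && vulns[n].isDirect);
      records.push({ url: adv.url, title: adv.title, severity: adv.severity,
                     fixAvailable: entry.fixAvailable, chains, direct });
    }
  }
  return records;
}

for (const r of traceAdvisories(sampleReport)) {
  console.log(`${r.severity}: ${r.title} (${r.url})`);
  for (const c of r.chains) console.log("  " + c.join(" <- "));
  console.log("  direct dependencies to replace or upgrade: " + r.direct.join(", "));
}
```

On a real project, pass the parsed output of `npm audit --json` to `traceAdvisories` in place of the constructed sample.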
Pascal Grimaud commented
adding a small bounty to fix this warning
Aurélien Mino commented
I already investigated using an alternative library for html2pug on the tikui side; I'll finish my work and push it.
Anthony Rey commented
We released a new version of Tikui core yesterday with the alternative. Thanks @murdos for the PR.
Aurélien Mino commented
@pascalgrimaud : bounty claimed: https://opencollective.com/generator-jhipster/expenses/213109
Pascal Grimaud commented
@murdos : approved