html-minifier@4.0.0 Regular Expression Denial of Service vulnerability

[sethvanwykJET]

What are you trying to achieve?

Clean up the codebase security / performance alerts

We recently implemented Snyk and are going through a cleanup process to see where we can tidy up things in the system. Our only outlier seems to be this alert that doesn't seem to be high priority but would be nice to clean up as well.

I do see this package has not been updated in a while, is there a more maintained alternative that can be put in place to address this?

What do you see

https://cwe.mitre.org/data/definitions/1333.html

Details

• CodeceptJS version: 3.5.3

[DavertMik]

Thanks, this will be fixed in next release by replacing package to html-minifier-terser