HTML Minifier version 1.5.0 introduces notable changes for developers focused on optimizing website performance. Building upon the functionality of the previous stable version, 1.4.0, this release incorporates crucial updates in its dependency management, specifically addressing the command-line interface. Version 1.5.0 shifts from the direct cli dependency found in 1.4.0 to commander 2.9.x, suggesting potentially improved and more robust command-line argument parsing. It also adds he 1.0.x, a library that encodes and decodes HTML entities.
Furthermore, the development dependencies see an important upgrade. In version 1.5.0, grunt, a crucial task runner, is bumped from version 0.4.x to 1.0.x. On the other hand, some other packages are removed from the dependencies.
These modifications provide developers with an enhanced toolkit for automating HTML minification workflows, potentially streamlining build processes, and ensuring optimal website loading speeds. Upgrading to version 1.5.0 offers access to refined tooling and dependency management, ultimately contributing to improved website performance and development efficiency.
All the vulnerabilities related to the version 1.5.0 of the package
kangax html-minifier REDoS vulnerability
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
Regular Expression Denial of Service in clean-css
Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.
Upgrade to version 4.1.11 or higher.