HTML Minifier version 2.1.7 is a minor update focusing on refinements and stability compared to the previous stable version 2.1.6. Both versions are powerful, highly configurable, and JavaScript-based HTML minifiers designed to optimize HTML code for production environments. Developers leverage this tool to reduce HTML file sizes, leading to faster page load times and improved website performance, contributing to a better user experience and potentially boosting SEO rankings.
The key differences lie primarily in updated development dependencies. Specifically, grunt-eslint moves from version 18.1.x in 2.1.6 to 19.0.x in 2.1.7, which indicates improvements in code linting and quality control during development. The core dependencies used for the minification process itself remain the same (change-case, clean-css, commander, he, ncname, relateurl, and uglify-js), so this change likely reflects improvements in the project's internal tooling and code consistency. Version 2.1.7 was released a week after 2.1.6. For developers adopting HTML Minifier, this means that version 2.1.7 likely incorporates minor bug fixes and refinements identified since the previous release, making it the recommended choice for new projects. Developers already using 2.1.6 should consider updating to benefit from these improvements.
All vulnerabilities related to version 2.1.7 of the package
kangax html-minifier REDoS vulnerability
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
Regular Expression Denial of Service in clean-css
Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to become unresponsive, leading to Denial of Service.
Upgrade to version 4.1.11 or higher.