CVE-2022-37620 html-minifier-terser dependency vulnerability

[CodeByCalvin]

OWASP is currently throwing the following security vulnerability error from the latest version of html-webpack-plugin (5.6.3):

One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 

html-minifier-terser:^6.0.2 (pkg:npm/html-minifier-terser@6.1.0, cpe:2.3:a:terser:html-minifier-terser:6.1.0:*:*:*:*:*:*:*): CVE-2022-37620(7.5)

See the dependency-check report for more details.

[JohannesWi]

Any updates on this? Maybe it would be worth changing to a more maintained fork html-minifier-next.

See also terser/html-minifier-terser#197

[alexander-akait]

@JohannesWi You can disable minifier here and use https://github.com/webpack-contrib/html-minimizer-webpack-plugin, it will be remove in the next major release from here in favor this plugin

[terrance456]

Hi @alexander-akait, do we know when is the next major release to fix this issue?

[alexander-akait]

@terrance456 I think current month, we need a little bit more work here

[tomkuipers]

@terrance456 I think current month, we need a little bit more work here

Any update on this issue?