diff --git a/node_modules/html-minifier/src/htmlminifier.js b/node_modules/html-minifier/src/htmlminifier.js
index d7efa99..d0d8999 100644
--- a/node_modules/html-minifier/src/htmlminifier.js
+++ b/node_modules/html-minifier/src/htmlminifier.js
@@ -873,7 +873,8 @@ function minify(value, options, partialMarkup) {
return re.source;
});
if (customFragments.length) {
- var reCustomIgnore = new RegExp('\\s*(?:' + customFragments.join('|') + ')+\\s*', 'g');
+ // CVE-2022-37620 ReDoS mitigation: limit repetition to prevent catastrophic backtracking
+ var reCustomIgnore = new RegExp('\\s*(?:' + customFragments.join('|') + '){1,20}\\s*', 'g');
// temporarily replace custom ignored fragments with unique attributes
value = value.replace(reCustomIgnore, function(match) {
if (!uidAttr) {
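Review bot: The `{1,20}` bound on the new `reCustomIgnore` line caps only the outer repetition. Each alternative is still the raw `re.source` of a configured fragment pattern, so any unbounded quantifier inside a fragment, and its overlap with the surrounding `\\s*`, can still backtrack heavily on long input. The mitigation is therefore partial, and the comment should say so, for example `// NOTE: {1,20} bounds only the outer group; fragment patterns are used as-is, so limit input size for untrusted HTML`. The bound also changes behaviour: a run of more than 20 adjacent fragments is now split across several matches, each passed separately to the replace callback, so a regression test for that case would be useful. Since the file is under `node_modules/`, the change presumably has to be carried by a patch step or a pinned fork to survive reinstall; `minify` begins and ends outside this hunk, so the rest of the callback was not reviewed.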