htmlhint vulnerability
Job https://gitlab.com/gitlab-ci-utils/pagean/-/jobs/1450722336 started reporting a ReDoS vulnerability for a dependency of HTMLHint, but this is in the generic OWASP Dependency Check suppression since it is normally a development dependency and ReDoS in that context is not a significant concern. It is reported as NPM-1751 (now GitHub Advisory), CVE-2020-28469, and CWE-400.
Need to:
- Document the vulnerability and lack of applicability
- Resolve if possible (see this HTMLHint issue)
Edited by Aaron Goldenthal