melonmanchan/express-minify-html

Security issue - Regular Expression Denial of Service

Scr1pting opened this issue · 0 comments

express-minify-html uses an outdated version of clean-css and becomes vulnerable to Regular Expression Denial of Service attacks. The vulnerability cannot be resolved by a simple npm audit fix --force on the side of an express-minify-html dependent.

This is what the Dependabot alert reads:

Versions of clean-css prior to 4.1.11 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive, leading to Denial of Service.

A simple update of the affected dependency would probably resolve the security threat.
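Because the outdated clean-css is pinned by express-minify-html itself, a dependent's own package.json can look clean while a nested copy is still installed. The following is an added example (not code from this issue or from express-minify-html) that scans a parsed package-lock.json for every installed copy of clean-css and flags versions older than 4.1.11, the first release the Dependabot alert treats as fixed; it handles both the flat lockfileVersion 2/3 "packages" map and the nested lockfileVersion 1 "dependencies" tree. The sample lock object and all versions in it are constructed for illustration.

```javascript
// Added example: find every installed clean-css older than 4.1.11 in a parsed
// package-lock.json, including copies nested under another dependency.
const FIXED_CLEAN_CSS = [4, 1, 11];
// Numeric compare of "major.minor.patch"; prerelease suffixes are ignored.
function isOlderThan(version, fixed) {
  const parts = String(version).split('-')[0].split('.').map(n => parseInt(n, 10) || 0);
  for (let i = 0; i < fixed.length; i++) {
    const x = parts[i] || 0;
    if (x !== fixed[i]) return x < fixed[i];
  }
  return false;
}
// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackagesMap(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    if (path.endsWith('node_modules/clean-css') && isOlderThan(meta.version, FIXED_CLEAN_CSS)) {
      hits.push({ path, version: meta.version });
    }
  }
}
// lockfileVersion 1: nested "dependencies" tree; each node may carry its own children.
function scanDependencyTree(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === 'clean-css' && isOlderThan(meta.version, FIXED_CLEAN_CSS)) {
      hits.push({ path, version: meta.version });
    }
    scanDependencyTree(meta.dependencies, `${path}/`, hits);
  }
}
// Returns [{ path, version }] for each vulnerable copy found in the lock object.
function findVulnerableCleanCss(lock) {
  const hits = [];
  if (lock.packages) scanPackagesMap(lock.packages, hits);
  else scanDependencyTree(lock.dependencies, '', hits);
  return hits;
}
// Constructed sample (v2 layout, illustrative versions): the root already has a
// fixed clean-css, but express-minify-html carries its own nested, outdated copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    'node_modules/clean-css': { version: '4.2.3' },
    'node_modules/express-minify-html/node_modules/clean-css': { version: '4.0.0' },
  },
};
for (const h of findVulnerableCleanCss(sampleLock)) {
  console.log(`${h.path}: clean-css ${h.version} is older than 4.1.11`);
}
```

To run it against a real project, replace sampleLock with JSON.parse of the project's package-lock.json; a hit under a nested path is exactly the case npm audit fix cannot repair from the dependent's side.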