HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.
The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation.
The read may disclose adjacent heap contents into the destination SV.
Mark HTML::Filter as deprecated as the docs point out
Move Parser.pm into the lib directory with the others. This will help with everything from auto version bumps after releases, to scanning for prerequisites and spelling errors.
Fix a few spelling errors in the POD for HTML::Parser
Clean up the spacing on many examples in HTML::Parser