patternfly-css icon indicating copy to clipboard operation
patternfly-css copied to clipboard
verified publisher icon patternfly

[Snyk] Security upgrade browser-sync from 2.18.13 to 2.24.0

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 584/1000
Why? Has a fix available, CVSS 7.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: browser-sync The new version differs by 124 commits.
  • df47bab release: 2.24.0
  • 2c7083d Merge pull request #1548 from BrowserSync/client-ts
  • ad0723d release: 2.24.0-rc4
  • b8685bc fix: (client, rxjs) fix imports to avoid the entire library being bundled
  • b2361d5 release: 2.24.0-rc3
  • 0ad5f3a deps: upgrade [email protected]
  • f6ac69f deps: upgrade [email protected]
  • 0e1dd37 deps: upgrade [email protected] - fixes #1512
  • f5a094d release: 2.24.0-rc2
  • b41f602 fix: (cli) remove `watch` boolean when false
  • 99a69ce feat: (client) rewrite to Typescript + RxJS
  • 9d9dfb1 feat: (client) make initial options available in initial payload
  • 06608fb feat: (client) added `injectNotification` option & defaulted to false
  • 4803786 feat: (client-js) allow functions in client:js hook
  • e4754c9 feat: (http-protocol) support POST requests over HTTP Protocol
  • 31bace2 tests: add cypress for integration tests
  • 679fbbc deps: [email protected]
  • 1c9ae43 Resolved warning in tsconfig.
  • b5d25f4 Merge pull request #1545 from aznnomness/master
  • 8a957e9 Merge pull request #1547 from jgravois/patch
  • 31956ab bump localtunnel to resolve security vuln nag
  • ea9da09 Resolved warning in tsconfig.
  • 78c3854 Merge pull request #1544 from SergiuNegara/fix/steam-docs-spelling
  • 4ce533c Fix stream docs spelling

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

snyk-bot avatar Jun 30 '22 09:06 snyk-bot