patternfly-css icon indicating copy to clipboard operation
patternfly-css copied to clipboard
verified publisher icon patternfly

[Snyk] Security upgrade browser-sync from 2.18.13 to 2.22.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3		 Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: browser-sync The new version differs by 65 commits.
  • f72a6ad 2.22.0
  • dd35b50 make it clearer where default ignore patterns originate
  • 91480aa feat: add 'single' flag to put Browsersync into SPA mode
  • b5cc56e feat: add directory listing for serve-static mode
  • 393309b options: switch to pipeline of transforms
  • 2c744c8 tests: run all tests
  • a5e214b tests: adding tests for option merging
  • 2a2d881 cli: add cwd, watch and ignore flags
  • be1a477 fixtures: css file under .tmp directory
  • 34429f4 fixtures: add nested @ import rules
  • 55319cb client: support liveImg updating
  • cb5b44c client: log when a stylesheet will be affected
  • fb26e82 feat: support CSS imports - fixes #10
  • 4c66bb8 tests: update wherever stream/reload used to include scheduler control
  • 4c7530a tests: update .stream() api tests
  • a62b0df tests: update .reload() api tests
  • 44cdc7e tests: updating to use schedulers on time-related buffers
  • 545c7fa logger: Provide info about buffered FS events
  • a3446de adding AMD stub
  • e142eaf cli: fix shorthand proxy
  • 0d99420 deps: add crossbow for build
  • a62eb89 build client with webpack + TS + awesome-typescript loader
  • 386fcd6 Merge remote-tracking branch 'origin/master'
  • fd3d074 perf: support flexible buffers for file-watchers

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Apr 27 '21 02:04 snyk-bot