[Snyk] Security upgrade browser-sync from 2.18.13 to 2.26.14

Open snyk-bot opened this issue 4 years ago • 0 comments

merge advice

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 250 commits.

d7cdcec v2.26.14
783b741 v2.26.14-y.2
368f89e fix(deps): upgraded localtunnel to fix axios issue
cbd2f34 v2.26.14-y.1
9ded19e v2.26.14-y.0
235ce22 publish scripts
9416fbf v2.26.14-alpha.1
aacc59f v2.26.14-alpha.0
bb035b4 chore(ci): trying to get reliable builds on appveyor
2320195 chore(deps): same version of socket.io-client everywhere
b0e8538 updating deps
f3d49ba chore: update scripts
cdbcabd chore: apply prettier
148c151 chore: remove bootstrap
02175da chore: remove bootstrap
2fe13e0 chore: remove bootstrap
da5ab89 chore: updated lock-file
5aca695 Merge pull request #1836
8ee49b1 fix: socket.io had a breaking change related to cors which broken the UI
35363e1 build(deps): bump socket.io in /packages/browser-sync
4acc350 chore: lock file differences
60498df Merge pull request #1796 from BrowserSync/dependabot/npm_and_yarn/node-fetch-2.6.1
8e4d802 Merge pull request #1786 from BrowserSync/dependabot/npm_and_yarn/packages/browser-sync-ui/elliptic-6.5.3
1cb50a4 Merge pull request #1787 from BrowserSync/dependabot/npm_and_yarn/packages/browser-sync-client/elliptic-6.5.3

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

May 27 '21 00:05 snyk-bot