[Snyk] Security upgrade browser-sync from 2.18.13 to 2.27.8

Open snyk-bot opened this issue 4 years ago • 0 comments

merge advice

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 250 commits.

8840282 v2.27.8
58ab4ab more version bumps + github actions (#1940)
6e8d2b2 Merge pull request #1936 from lachieh/socket-io-upgrade
e909447 update browser-sync-client ts version
daa8cd0 restore test setting
3c5777a Upgrade to latest version of socket.io. Fixes #1847
a7c14c8 v2.27.7
40ebbd8 fixes #1916
e557aac v2.27.6
6976fe9 v2.27.5
8ba1c17 updated lockfile format
c99273c Merge pull request #1915 from iwt-philipzeh/fix/ua-parser-version-security
6648032 security-patches
c2bc05d Merge pull request #1738 from davezuko/patch-1
b8abf44 Merge pull request #1858 from arafalov/master
3084279 v2.27.4
d0c9c4c security patches
a4fd558 v2.27.3
910a9e1 v2.27.2
ebe0962 docs: added snippet option for website generation
a4aa8eb v2.27.1
3825dc6 v2.27.0
462c438 updated options
525fff9 feat: added option `snippet: boolean` - fixes #1882

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Mar 14 '22 16:03 snyk-bot