SnowdogApps / magento2-frontools

Set of front-end tools for Magento 2 based on Gulp.js
MIT License
430 stars 142 forks

[Snyk] Security upgrade browser-sync from 2.26.13 to 2.26.14 #411

Closed Igloczek closed 3 years ago

Igloczek commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Insecure Defaults (SNYK-JS-SOCKETIO-1024859) | No | Proof of Concept |
| high severity | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Denial of Service (DoS) (SNYK-JS-SOCKETIOPARSER-1056752) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: browser-sync. The new version differs by 41 commits.
  • d7cdcec v2.26.14
  • 783b741 v2.26.14-y.2
  • 368f89e fix(deps): upgraded localtunnel to fix axios issue
  • cbd2f34 v2.26.14-y.1
  • 9ded19e v2.26.14-y.0
  • 235ce22 publish scripts
  • 9416fbf v2.26.14-alpha.1
  • aacc59f v2.26.14-alpha.0
  • bb035b4 chore(ci): trying to get reliable builds on appveyor
  • 2320195 chore(deps): same version of socket.io-client everywhere
  • b0e8538 updating deps
  • f3d49ba chore: update scripts
  • cdbcabd chore: apply prettier
  • 148c151 chore: remove bootstrap
  • 02175da chore: remove bootstrap
  • 2fe13e0 chore: remove bootstrap
  • da5ab89 chore: updated lock-file
  • 5aca695 Merge pull request #1836
  • 8ee49b1 fix: socket.io had a breaking change related to cors which broken the UI
  • 35363e1 build(deps): bump socket.io in /packages/browser-sync
  • 4acc350 chore: lock file differences
  • 60498df Merge pull request #1796 from BrowserSync/dependabot/npm_and_yarn/node-fetch-2.6.1
  • 8e4d802 Merge pull request #1786 from BrowserSync/dependabot/npm_and_yarn/packages/browser-sync-ui/elliptic-6.5.3
  • 1cb50a4 Merge pull request #1787 from BrowserSync/dependabot/npm_and_yarn/packages/browser-sync-client/elliptic-6.5.3
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic