The issue is that the latest lite-server has a dependency on browser-sync (2.18.12) > localtunnel (1.8.2) > request (2.78.0) > hawk (3.1.3) > hoek (2.16.3). Hawk has dependencies on sntp, boom, and cryptiles which all depend on hoek. Hoek < 4 has a vulnerability.
Latest browser-sync has a dependency on localtunnel 1.9.0 where it replaces the request dependency with axios. This should fix it for us.
johnpapa
commented
6 years ago
The issue is that the latest lite-server has a dependency on browser-sync (2.18.12) > localtunnel (1.8.2) > request (2.78.0) > hawk (3.1.3) > hoek (2.16.3). Hawk has dependencies on sntp, boom, and cryptiles which all depend on hoek. Hoek < 4 has a vulnerability.
Latest browser-sync has a dependency on localtunnel 1.9.0 where it replaces the request dependency with axios. This should fix it for us.