Browser-sync in v3.x removed localtunnel thus axios which points in v2.x to a vulnerable version:/
However the webpack plugin while fully compatible with v3.x is not updated to allow for the higher peerDependency version by a trivial condition @f3e9ead and the lack of any news about https://github.com/Va1/browser-sync-webpack-plugin/pull/96 makes it look rather abandoned.
At the same time dependabot will be trying to upgrade browser-sync to 3.x over and over without checking for failed peerDependency in a devDependency (watch fails but build passes so dependabot is happy…) so this PR resolves the issue by using a v3-compatible fork — the only change is allowing the higher peerDependecy version: madbucket/browser-sync-webpack-plugin@46132d8
May be reverted later if the og plugin gets the compatibility fix released.
Also postcss-loader is updated to the highest compatible version (that comes with dropping support for webpack 4, only webpack 5+ is now compatible) — upgrading past the v8.x breaking release would mean Node 18+ only which I'm not sure we want to do right now so left it at the most recent v7.x version that's pretty much on par and keeping the same compatibility.
Works fine (=tested) with Node versions 16, 18, 20 (LTS); might even support Node 14 (where the only limit in lockfile/engines is node-sass 9+ but that should not be needed as it's only optional peer dep and we use sass 1.x instead and that should run just fine even on the latest point releases of Node 14 if needed.)
Fixes #220, https://github.com/mozilla/ssl-config-generator/pull/218#issuecomment-1875926219
Replacing:
with updated fork.
Browser-sync in v3.x removed
localtunnelthusaxioswhich points in v2.x to a vulnerable version:/However the webpack plugin while fully compatible with v3.x is not updated to allow for the higher peerDependency version by a trivial condition
@f3e9eadand the lack of any news about https://github.com/Va1/browser-sync-webpack-plugin/pull/96 makes it look rather abandoned.At the same time dependabot will be trying to upgrade browser-sync to 3.x over and over without checking for failed peerDependency in a devDependency (
watchfails butbuildpasses so dependabot is happy…) so this PR resolves the issue by using a v3-compatible fork — the only change is allowing the higher peerDependecy version: madbucket/browser-sync-webpack-plugin@46132d8May be reverted later if the og plugin gets the compatibility fix released.
Also postcss-loader is updated to the highest compatible version (that comes with dropping support for webpack 4, only webpack 5+ is now compatible) — upgrading past the v8.x breaking release would mean Node 18+ only which I'm not sure we want to do right now so left it at the most recent v7.x version that's pretty much on par and keeping the same compatibility.
Works fine (=tested) with Node versions 16, 18, 20 (LTS); might even support Node 14 (where the only limit in lockfile/engines is node-sass 9+ but that should not be needed as it's only optional peer dep and we use sass 1.x instead and that should run just fine even on the latest point releases of Node 14 if needed.)
Supersedes #234, #233, #219, #193