Snyk has created this PR to upgrade browser-sync from 2.26.7 to 2.27.7.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 13 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-10-27.
Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)
browser-sync . --no-snippet
or in any Browsersync configuration
constconfig={snippet: false,};
the original request was related to Eleventy usage, so here's how that would look
Snyk has created this PR to upgrade browser-sync from 2.26.7 to 2.27.7.
The recommended version fixes:
SNYK-JS-XMLHTTPREQUESTSSL-1255647
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-XMLHTTPREQUESTSSL-1082936
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-SOCKETIOPARSER-1056752
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-SOCKETIOPARSER-1056752
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-OBJECTPATH-1017036
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-SOCKETIO-1024859
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-OBJECTPATH-1569453
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-HTTPPROXY-569139
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: browser-sync
-
2.27.7 - 2021-10-27
-
2.27.6 - 2021-10-26
-
2.27.5 - 2021-07-27
-
2.27.4 - 2021-07-01
-
2.27.3 - 2021-06-26
-
2.27.1 - 2021-06-24
-
2.26.14 - 2021-01-24
-
2.26.14-y.2 - 2021-01-24
-
2.26.14-y.1 - 2021-01-24
-
2.26.13 - 2020-10-17
-
2.26.12 - 2020-07-26
-
2.26.10 - 2020-07-17
-
2.26.9 - 2020-07-16
-
2.26.7 - 2019-06-07
from browser-sync GitHub release notesv2.27.7
v2.27.6
v2.27.5
v2.27.4
v2.27.3
This release adds a feature to address #1882
Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new
snippetoption :)browser-sync . --no-snippetor in any Browsersync configuration
the original request was related to Eleventy usage, so here's how that would look
This is a maintenance release to address 2 security related issues (socket.io & axios)
Happy Browsersync'in :)
v2.26.14-y.2
Commit messages
Package name: browser-sync
- a7c14c8 v2.27.7
- 40ebbd8 fixes #1916
- e557aac v2.27.6
- 6976fe9 v2.27.5
- 8ba1c17 updated lockfile format
- c99273c Merge pull request #1915 from iwt-philipzeh/fix/ua-parser-version-security
- 6648032 security-patches
- c2bc05d Merge pull request #1738 from davezuko/patch-1
- b8abf44 Merge pull request #1858 from arafalov/master
- 3084279 v2.27.4
- d0c9c4c security patches
- a4fd558 v2.27.3
- 910a9e1 v2.27.2
- ebe0962 docs: added snippet option for website generation
- a4aa8eb v2.27.1
- 3825dc6 v2.27.0
- 462c438 updated options
- 525fff9 feat: added option `snippet: boolean` - fixes #1882
- f6336ea added failing test
- 6893ab3 Fix #1799 - pesticide link
- d7cdcec v2.26.14
- 783b741 v2.26.14-y.2
- 368f89e fix(deps): upgraded localtunnel to fix axios issue
- cbd2f34 v2.26.14-y.1
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs