Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency browser-sync to v2.27.8 #161

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link
Contributor

@mend-for-github-com mend-for-github-com bot commented Feb 5, 2022

This PR contains the following updates:

Package Type Update Change
browser-sync (source) devDependencies minor 2.26.3 -> 2.27.8

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2021-44906 #178
High 9.8 CVE-2021-44906 #178
High 8.1 CVE-2021-32803 #126
High 8.1 CVE-2021-32804 #125
High 7.5 CVE-2018-20834 #34
Medium 5.6 CVE-2020-7598 #42
Medium 5.6 CVE-2020-7598 #42
Low 2.5 CVE-2017-18869 #88

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.8 CVE-2019-10746 #11
High 9.8 CVE-2019-10747 #10
High 9.8 CVE-2019-10747 #10
High 9.8 CVE-2020-15256 #16
High 9.8 CVE-2020-7774 #74
High 9.4 CVE-2021-31597 #80
High 9.1 CVE-2019-10744 #9
High 8.6 CVE-2021-23434 #143
High 8.1 CVE-2020-28502 #35
High 8.1 WS-2020-0443 #149
High 7.5 CVE-2019-10742 #7
High 7.5 CVE-2019-20149 #6
High 7.5 CVE-2020-28469 #36
High 7.5 CVE-2020-28469 #36
High 7.5 CVE-2020-36048 #104
High 7.5 CVE-2020-36049 #107
High 7.5 CVE-2020-36049 #107
High 7.5 CVE-2020-7733 #18
High 7.5 CVE-2020-7793 #92
High 7.5 CVE-2021-27292 #14
High 7.5 CVE-2021-3749 #184
High 7.5 CVE-2021-3805 #145
High 7.5 WS-2020-0091 #101
High 7.4 CVE-2020-8203 #41
High 7.2 CVE-2021-23337 #75
Medium 6.5 CVE-2022-0155 #152
Medium 5.9 CVE-2020-28168 #8
Medium 5.3 CVE-2020-28500 #33
Medium 5.3 CVE-2020-7608 #103
Medium 5.3 CVE-2021-32640 #12
Medium 4.3 CVE-2020-28481 #67

Release Notes

BrowserSync/browser-sync

v2.27.8

Compare Source

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

Resolved Issues:

Thanks to @​lachieh for the original PR, which helped me land this fix

v2.27.7

Compare Source

v2.27.6

Compare Source

v2.27.5

Compare Source

v2.27.4

Compare Source

v2.27.3

Compare Source

v2.27.1

Compare Source

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

v2.26.14

Compare Source

This is a maintenance release to address 2 security related issues (socket.io & axios)

Happy Browsersync'in :)

v2.26.13

Compare Source

v2.26.12

Compare Source

v2.26.10

Compare Source

v2.26.9

Compare Source

v2.26.7

Compare Source

v2.26.6

Compare Source

v2.26.5

Compare Source

v2.26.4

Compare Source


  • If you want to rebase/retry this PR, click this checkbox.

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Feb 5, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.14 Update dependency browser-sync to v2.26.4 Feb 7, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch from 3438fd2 to 913fa76 Compare February 7, 2022 07:34
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.4 Update dependency browser-sync to v2.26.14 Feb 8, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch from 913fa76 to e0ee417 Compare February 8, 2022 02:33
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.14 Update dependency browser-sync to v2.26.4 Feb 20, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch 2 times, most recently from 8a2fb93 to adb3063 Compare February 21, 2022 22:46
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.4 Update dependency browser-sync to v2.26.14 Feb 21, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.14 Update dependency browser-sync to v2.26.4 Feb 22, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch from adb3063 to d0251df Compare February 22, 2022 13:03
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.4 Update dependency browser-sync to v2.26.14 Mar 6, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch from d0251df to c902cf0 Compare March 6, 2022 16:20
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.26.14 Update dependency browser-sync to v2.27.9 Apr 19, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch from c902cf0 to 3f141c7 Compare April 19, 2022 22:05
@mend-for-github-com mend-for-github-com bot changed the title Update dependency browser-sync to v2.27.9 Update dependency browser-sync to v2.27.8 Apr 21, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/browser-sync-2.x branch from 3f141c7 to 08a53c7 Compare April 21, 2022 03:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants