Fix npm Vulnerabilities

Open snuggs opened this issue 5 years ago • 4 comments

Fixes #215

  • [x] Upgrade npm
  • [ ] Awaiting patches from browser-sync & localtunnel

Notes

Would prefer to upgrade to `[email protected]` but there seem to be breaking changes, and it introduces 10 more manual vulnerability reviews.

snuggs avatar Jan 05 '21 10:01 snuggs

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/sneakyhead/snuggsi/2xd1u9gjd
✅ Preview: https://snuggsi-git-issues-215-fix-vulnerabilities.sneakyhead.vercel.app

vercel[bot] avatar Jan 05 '21 10:01 vercel[bot]

@brandondees @JoshuaBehrens whoops on the re-review request. Was trying out some features.

That said, check this out. The "AHA" moment is happening! It's always been there, as we know, but what's different about this year is the amount of confirming comments. A few years ago when we started, the tone was "yeah right. INSTALL ALL THE THINGS". Now..... "Somebody help me". >>>

https://css-tricks.com/npm-ruin-dev/ read the comments

npm ruin dev "Plain 'ol HTML, CSS, & Javascript" 👀 Sound familiar 😉

Seems like "Boring by default" is that (old) new wave 😎

/cc @rianby64 @tmornini @cristhiandick @VicenteRD @btakita @foreverc9 @kurtcagle @janz93 ☝🏽

snuggs avatar Jan 06 '21 09:01 snuggs

@brandondees @JoshuaBehrens we got movement! #SqueakyWheel 🚗

  • https://github.com/BrowserSync/browser-sync/issues/1695#issuecomment-755219633
  • https://github.com/BrowserSync/browser-sync/issues/1831

snuggs avatar Jan 06 '21 10:01 snuggs

@snuggs looks like the fix on browsersync is to update its subdependencies more explicitly or do a re-install so that they get bumped up

brandondees avatar Jan 14 '21 19:01 brandondees