patternfly-css icon indicating copy to clipboard operation
patternfly-css copied to clipboard

Published 20 hours ago verified publisher icon patternfly

[Snyk] Security upgrade browser-sync from 2.18.13 to 2.24.7

Open mtho11 opened this issue 10 months ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LODASH-6139239		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: browser-sync The new version differs by 152 commits.
  • 8c28e8c 2.24.7
  • 9e96603 fix: scroll - add missing init method for window.name method of scroll restoring - fixes #1586 #1457 #1457
  • 48286e0 fix: proxy Port gets unnecesarily rewritten in Proxy - fixes #1577
  • a6578a3 deps: [email protected] [email protected] [email protected]
  • ef6bfa5 Merge pull request #1582 from strarsis/patch-1
  • 7c0a65c 2.24.6
  • 15c838e docs: updated cwd, watch & callbacks inline documentation
  • bb7bef1 Merge pull request #1584 from adamzerella/issue/Add-docs-for-cwd
  • e41ccea Added doc note for cwd
  • b6ba0dd Update opn to latest release
  • ef0f947 2.24.5
  • fda88b1 Merge pull request #1572 from BrowserSync/audit
  • a89336b ci: don't run coverage
  • 123551b deps: bump mocha + add `--exit` flag
  • 90e7306 fix: TypeError when watchOptions.ignored is not an array - fixes #1563
  • dd70eba deps: update following npm audit - fixes #1559
  • 19359cc 2.24.4
  • a6d39e6 fix: Remote Debug tools do not work - fixes #1556
  • f89aa04 2.24.3
  • 80d5ed3 Merge pull request #1555 from BrowserSync/bugs/1553
  • 3073d61 Merge pull request #1554 from BrowserSync/bugs/1543
  • cc5118c fix: Don’t always add "defaultIgnorePatterns" - fixes #1543
  • 1153845 fix: handle windows-style paths on the client - fixes #1553
  • af79226 2.24.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

mtho11 avatar Apr 16 '24 01:04 mtho11