Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security fixes for browser-sync package #1671

Closed
wants to merge 5 commits into from
Closed

Security fixes for browser-sync package #1671

wants to merge 5 commits into from

Conversation

alchin
Copy link

@alchin alchin commented Mar 15, 2019

Addresses security vulnerabilities reported by npm audit.

Updates micromatch
Upgrades lerna
Upgrades qs
Removes lodash-cli

@alchin
Copy link
Author

alchin commented Mar 15, 2019

Would appreciate any contributors take a look and review. Thanks.

@zachleat zachleat mentioned this pull request Mar 16, 2019
Closed
erickwilder
erickwilder approved these changes Mar 19, 2019
View reviewed changes
Copy link

@erickwilder erickwilder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!

waarissyb added a commit to waarissyb/frontend-boilerplate that referenced this pull request Mar 22, 2019
@waarissyb
feature/update-dependencies: Update dependencies with vulnerabilities
188e4a6 
Don’t you hate those warnings after running `npm i`? I looked at the npm audit security report and updated some dependencies. The vulnerabilities found by npm are reduced to 1. Only browser-sync needs to be updated right now: BrowserSync/browser-sync#1671
@waarissyb waarissyb mentioned this pull request Mar 22, 2019
Closed
wolfpilot pushed a commit to mirabeau-nl/frontend-boilerplate that referenced this pull request Mar 29, 2019
@waarissyb @wolfpilot
Update dependencies with vulnerabilities
57423e2 
Don't you hate those warnings after running `npm i`? I looked at the npm audit security report and updated some dependencies. The vulnerabilities found by npm are reduced to 1. Only browser-sync needs to be updated right now: BrowserSync/browser-sync#1671
@dennisreimann dennisreimann mentioned this pull request Apr 20, 2019
Closed
shakyShane added a commit that referenced this pull request Apr 22, 2019
@shakyShane
deps: fixes #1677 #1671 #1659 #1648
05a58db
@shakyShane
Copy link
Contributor

fixed in 2.26.4, thanks for your contribution :)

@shakyShane shakyShane closed this Apr 22, 2019
This was referenced Jun 5, 2019
Merged
Open
Closed
Merged
Closed
@snyk-bot snyk-bot mentioned this pull request Nov 18, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dot-underscore dot-underscore dot-underscore approved these changes

@erickwilder erickwilder erickwilder approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@alchin @shakyShane @erickwilder @dot-underscore @alchin-microsoft