4 high severity vulnerabilities when installing browser-sync #1933

Closed
stratboy opened this issue Feb 17, 2022 · 2 comments · Fixed by #1936

Comments

stratboy commented Feb 17, 2022

Issue details

4 high severity vulnerabilities

Steps to reproduce/test case

Just `npm install browser-sync`: you'll get that warning.

cjfloss commented Feb 23, 2022

# npm audit report

engine.io  <4.0.0
Severity: high
Resource exhaustion in engine.io  - https://github.com/advisories/GHSA-j4f2-536g-r55m
fix available via `npm audit fix --force`
Will install browser-sync@0.9.1, which is a breaking change
node_modules/engine.io
  socket.io  1.0.0-pre - 2.4.1
  Depends on vulnerable versions of engine.io
  node_modules/socket.io
    browser-sync  >=1.0.0
    Depends on vulnerable versions of socket.io
    node_modules/browser-sync
      browser-sync-webpack-plugin  >=0.1.2
      Depends on vulnerable versions of browser-sync
      node_modules/browser-sync-webpack-plugin

4 high severity vulnerabilities
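
Added example, not part of the original thread or of the browser-sync project: a triage helper that separates the advisory that is the root cause from the packages that are flagged only because they depend on it, which is why the "4 high severity vulnerabilities" above trace back to one engine.io advisory. The `report` object is constructed to mirror the entries above in the `npm audit --json` (report version 2) shape, and the function names are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output (auditReportVersion 2),
// mirroring the four entries in the report above. It is not captured tool output.
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    "engine.io": { name: "engine.io", severity: "high", range: "<4.0.0",
      via: [{ name: "engine.io", title: "Resource exhaustion in engine.io",
              url: "https://github.com/advisories/GHSA-j4f2-536g-r55m" }],
      effects: ["socket.io"] },
    "socket.io": { name: "socket.io", severity: "high", range: "1.0.0-pre - 2.4.1",
      via: ["engine.io"], effects: ["browser-sync"] },
    "browser-sync": { name: "browser-sync", severity: "high", range: ">=1.0.0",
      via: ["socket.io"], effects: ["browser-sync-webpack-plugin"] },
    "browser-sync-webpack-plugin": { name: "browser-sync-webpack-plugin", severity: "high",
      range: ">=0.1.2", via: ["browser-sync"], effects: [] },
  },
};

// A package is a root cause when `via` holds an advisory object; when `via`
// holds only package names, it is flagged because of a vulnerable dependency.
function rootAdvisories(rep) {
  return Object.values(rep.vulnerabilities).flatMap((v) =>
    v.via.filter((x) => typeof x === "object")
         .map((x) => ({ pkg: v.name, range: v.range, title: x.title, url: x.url })));
}

// Follow `effects` from a root package to each dependent that inherits the finding.
function propagationChains(rep, pkg, path = []) {
  if (path.includes(pkg)) return [path];        // stop on a dependency cycle
  const next = [...path, pkg];
  const effects = (rep.vulnerabilities[pkg] || {}).effects || [];
  if (effects.length === 0) return [next];
  return effects.flatMap((dep) => propagationChains(rep, dep, next));
}

function summarize(rep) {
  const roots = rootAdvisories(rep);
  return {
    flagged: Object.keys(rep.vulnerabilities).length,
    distinctAdvisories: new Set(roots.map((r) => r.url)).size,
    roots,
    chains: roots.flatMap((r) => propagationChains(rep, r.pkg).map((c) => c.join(" -> "))),
  };
}

console.log(JSON.stringify(summarize(report), null, 2));
```

On a real project, pass `summarize` the parsed output of `npm audit --json` instead of the constructed object.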

lachieh (Contributor) commented Feb 24, 2022

Duplicate issue. See #1850 for original.
