Update Browsersync to resolve axios vulnerability #2394

Merged 3 commits on Feb 22, 2024

@colinrotherham (Contributor) commented Feb 21, 2024

See GitHub Advisory: GHSA-wf5p-g6vw-rhxx

This PR also runs `npm update --save` to pick up minor/patch versions for other packages

Closes #2383

Browsersync update

Updating from `browser-sync@2.29.3` to `browser-sync@3.0.2` is a non-breaking change for this project

The vulnerability only affected Browsersync config `tunnel: true` which is not used by the Prototype Kit

@joelanman (Contributor) commented

Thanks, this is good and we should do it, but just for clarity, we don't use that option, so it's not currently a vulnerability that affects our users, I don't think

See GitHub Advisory: GHSA-wf5p-g6vw-rhxx

Updating to `browser-sync@3` is a non-breaking change because this project does not use `tunnel: true`

@domoscargin (Contributor) left a comment

I love the smell of freshly updated dependencies...

Base automatically changed from frontend-5.2.0 to main February 22, 2024 11:33
@colinrotherham merged commit dcf4429 into main Feb 22, 2024
30 checks passed
@colinrotherham deleted the package-updates branch February 22, 2024 12:06
Development

Successfully merging this pull request may close these issues.

Vulnerability in axios
3 participants