Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix npm Vulnerabilities #216

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Conversation

snuggs
Copy link
Member

@snuggs snuggs commented Jan 5, 2021

Fixes #215

  • Upgrade npm
  • Awaiing patches from browser-sync & localtunnel

Notes

Would prefer to upgrade to `[email protected] but seems to be breaking changes and introduces 10 more manual vulnerability reviews.

@snuggs snuggs self-assigned this Jan 5, 2021
@vercel
Copy link

vercel bot commented Jan 5, 2021

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/sneakyhead/snuggsi/2xd1u9gjd
✅ Preview: https://snuggsi-git-issues-215-fix-vulnerabilities.sneakyhead.vercel.app

@snuggs
Copy link
Member Author

snuggs commented Jan 6, 2021

@brandondees @JoshuaBehrens whoops on the re-review request. Was trying out some features.

That said. Check this out. The "AHA" moment is happening! It's always been there as we know. but what's different about this year is the amount of confirming comments. Few years ago when we started the tone was "yeah right. INSTALL ALL THE THINGS". Now..... "Somebody help me". >>>

https://css-tricks.com/npm-ruin-dev/ read the comments

npm ruin dev "Plain 'ol HTML, CSS, & Javascript" 👀 Sound familiar 😉

Seems like "Boring by default" is that (old) new wave 😎

/cc @rianby64 @tmornini @cristhiandick @VicenteRD @btakita @foreverc9 @kurtcagle @janz93 ☝🏽

@snuggs snuggs modified the milestone: v1 Jan 6, 2021
@brandondees
Copy link
Collaborator

@snuggs looks like the fix on browsersync is to update its subdependencies more explicitly or do a re-install so that they get bumped up

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Browser Sync vulnerability ... (again)
3 participants