RE DoS + Prototype pollution vulnerability #1587
Comments
I cannot address the localtunnel one localtunnel/localtunnel#272
@shakyShane How come? Aren't you the author and a contributor to that package including BrowserSync?
FYI, localtunnel updated their dependencies with localtunnel/localtunnel#256 and released to v1.9.1 to fix their end.
@adamjaffeback Thanks for info.
deps: npm audit for localtunnel - fixes #1587
@shakyShane Thanks for fixing this! I see the change is tagged with a 2.25.0 alpha release. When will the final version be released?
Issue details
NPM flagged a vulnerability regarding this package due to a Regular Expression Denial of Service found in its debug dependency as follows:
There's also an apparent Prototype Pollution in its lodash dependency as follows:
Steps to reproduce/test case
Please specify which version of Browsersync, node and npm you're running
Affected platforms
Browsersync use-case
If CLI, please paste the entire command below
{cli command here}
for all other use-cases, (gulp, grunt etc), please show us exactly how you're using Browsersync