New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update localtunnel to fix axios vulnerability (CVE-2021-3749) #1903
Comments
Related localtunnel/localtunnel#431 Waiting for localtunnel maintainer to publish the fix that was merged |
localtunnel 2.0.2 has been published by its maintainer. |
Hi @shakyShane, doyou have time to take care of the following vulnerability? |
This issue is still relevant since the required axios version is still outdated. |
@sjaks then go bother the maintainer yourself, I'm sick of waiting. |
Well, at least keep the issue open for us then and remove yourself from the notifications. |
Technically there's nothing to fix here. |
Issue details
axios has fixed this vulnerability.
localtunnel which depends on axios has also updated the version it uses.
browser-sync still depends on a vulnerable version of localtunnel and needs to be updated.
browser-sync/packages/browser-sync/package-lock.json
Line 1506 in a7c14c8
Steps to reproduce/test case
N/A
Please specify which version of Browsersync, node and npm you're running
Affected platforms
all of them
Browsersync use-case
N/A
If CLI, please paste the entire command below
N/A
for all other use-cases, (gulp, grunt etc), please show us exactly how you're using Browsersync
N/A
The text was updated successfully, but these errors were encountered: