Update localtunnel to fix axios vulnerability (CVE-2021-3749) #1903
Comments
|
Related localtunnel/localtunnel#431 Waiting for localtunnel maintainer to publish the fix that was merged |
|
localtunnel 2.0.2 has been published by its maintainer. |
|
Hi @shakyShane, doyou have time to take care of the following vulnerability? |
|
This issue is still relevant since the required axios version is still outdated. |
|
@sjaks then go bother the maintainer yourself, I'm sick of waiting. |
|
Well, at least keep the issue open for us then and remove yourself from the notifications. |
|
Technically there's nothing to fix here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue details
axios has fixed this vulnerability.
localtunnel which depends on axios has also updated the version it uses.
browser-sync still depends on a vulnerable version of localtunnel and needs to be updated.
browser-sync/packages/browser-sync/package-lock.json
Line 1506 in a7c14c8
Steps to reproduce/test case
N/A
Please specify which version of Browsersync, node and npm you're running
Affected platforms
all of them
Browsersync use-case
N/A
If CLI, please paste the entire command below
N/A
for all other use-cases, (gulp, grunt etc), please show us exactly how you're using Browsersync
N/A
The text was updated successfully, but these errors were encountered: