Update dependency browser-sync to v2.27.8

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
browser-sync (source)	devDependencies	minor	2.26.3 -> 2.27.8

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2021-44906	#178
High	9.8	CVE-2021-44906	#178
High	8.1	CVE-2021-32803	#126
High	8.1	CVE-2021-32804	#125
High	7.5	CVE-2018-20834	#34
Medium	5.6	CVE-2020-7598	#42
Medium	5.6	CVE-2020-7598	#42
Low	2.5	CVE-2017-18869	#88

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2019-10746	#11
High	9.8	CVE-2019-10747	#10
High	9.8	CVE-2019-10747	#10
High	9.8	CVE-2020-15256	#16
High	9.8	CVE-2020-7774	#74
High	9.4	CVE-2021-31597	#80
High	9.1	CVE-2019-10744	#9
High	8.6	CVE-2021-23434	#143
High	8.1	CVE-2020-28502	#35
High	8.1	WS-2020-0443	#149
High	7.5	CVE-2019-10742	#7
High	7.5	CVE-2019-20149	#6
High	7.5	CVE-2020-28469	#36
High	7.5	CVE-2020-28469	#36
High	7.5	CVE-2020-36048	#104
High	7.5	CVE-2020-36049	#107
High	7.5	CVE-2020-36049	#107
High	7.5	CVE-2020-7733	#18
High	7.5	CVE-2020-7793	#92
High	7.5	CVE-2021-27292	#14
High	7.5	CVE-2021-3749	#184
High	7.5	CVE-2021-3805	#145
High	7.5	WS-2020-0091	#101
High	7.4	CVE-2020-8203	#41
High	7.2	CVE-2021-23337	#75
Medium	6.5	CVE-2022-0155	#152
Medium	5.9	CVE-2020-28168	#8
Medium	5.3	CVE-2020-28500	#33
Medium	5.3	CVE-2020-7608	#103
Medium	5.3	CVE-2021-32640	#12
Medium	4.3	CVE-2020-28481	#67

---

Release Notes

BrowserSync/browser-sync

v2.27.8

Compare Source

This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

PR:

• BrowserSync/browser-sync@58ab4ab

Resolved Issues:

• Security issue for socket.io dependency BrowserSync/browser-sync#1850
• Update package to remove the high severity vulnerability introduced in your package BrowserSync/browser-sync#1892
• Invalid "heartbeat interval" option when using engine.io@^4.0.0 BrowserSync/browser-sync#1925
• Resource exhaustion in engine.io dependency from npm audit BrowserSync/browser-sync#1926
• 4 high severity vulnerabilities when installing browser-sync BrowserSync/browser-sync#1933

Thanks to @​lachieh for the original PR, which helped me land this fix

v2.27.7

Compare Source

v2.27.6

Compare Source

v2.27.5

Compare Source

v2.27.4

Compare Source

v2.27.3

Compare Source

v2.27.1

Compare Source

This release adds a feature to address BrowserSync/browser-sync#1882

Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

browser-sync . --no-snippet

or in any Browsersync configuration

const config = {
  snippet: false,
};

the original request was related to Eleventy usage, so here's how that would look

eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

v2.26.14

Compare Source

This is a maintenance release to address 2 security related issues (socket.io & axios)

Happy Browsersync'in :)

v2.26.13

Compare Source

v2.26.12

Compare Source

v2.26.10

Compare Source

v2.26.9

Compare Source

v2.26.7

Compare Source

v2.26.6

Compare Source

v2.26.5

Compare Source

v2.26.4

Compare Source

---

• If you want to rebase/retry this PR, click this checkbox.