Describe the bug
Running npm audit against "@11ty/eleventy": "1.0.2" returns the following:
```
# npm audit report
qs <6.2.4
Severity: high
qs vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-hrpp-h998-j3pp
fix available via `npm audit fix --force`
Will install @11ty/eleventy@0.3.3, which is a breaking change
node_modules/qs
browser-sync >=2.12.1
Depends on vulnerable versions of qs
node_modules/browser-sync
@11ty/eleventy 0.3.4 - 1.0.2
Depends on vulnerable versions of browser-sync
node_modules/@11ty/eleventy
```
To Reproduce
Run npm audit
Environment:
OS and Version: macOS Ventura 13.0
Eleventy Version: 1.0.2
Additional context
Appreciate this also needs to be raised down the stack: I see "browser-sync": "2.27.10" was tagged in May, while the issue appears to be fixed in `"qs": "6.2.4"`.
This was fixed in browser-sync 2.27.11 which is compatible with our current versioning in both 1.x and 2.x (via eleventy-server-browsersync). Thank you!
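To confirm after an upgrade that no installed copy of `qs` is still below the `6.2.4` threshold from the audit report, and to see which dependency chain pulls it in, the lockfile can be walked directly. The following is an added example, not code from this issue or from the Eleventy project; the lockfile content (including `qs` 6.2.3 and `example-app-dep`) is constructed, and the function names are hypothetical.

```javascript
// Constructed sample in package-lock.json v2/v3 "packages" layout; versions and
// ranges are illustrative, not copied from a real Eleventy install.
const SAMPLE_LOCK = { packages: {
  "": { dependencies: { "@11ty/eleventy": "1.0.2", "example-app-dep": "1.0.0" } },
  "node_modules/@11ty/eleventy": { version: "1.0.2", dependencies: { "browser-sync": "^2.27.10" } },
  "node_modules/browser-sync": { version: "2.27.10", dependencies: { qs: "6.2.3" } },
  "node_modules/qs": { version: "6.2.3" },
  "node_modules/example-app-dep": { version: "1.0.0", dependencies: { qs: "^6.11.0" } },
  "node_modules/example-app-dep/node_modules/qs": { version: "6.11.0" },
} };

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
// A string comparison would wrongly rank "6.11.0" below "6.2.4".
function lessThan(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// npm resolution: from the dependent's folder, take the nearest node_modules/<name>.
function resolve(pkgs, fromPath, name) {
  for (let dir = fromPath; ; dir = dir.slice(0, Math.max(0, dir.lastIndexOf("/node_modules/")))) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (pkgs[candidate]) return candidate;
    if (!dir) return null;
  }
}

// Return every dependency chain (root first) ending at a copy of `name` older than `fixed`.
function vulnerableChains(lock, name, fixed) {
  const pkgs = lock.packages, chains = [];
  const label = (p) => (p === "" ? "(root project)"
    : p.slice(p.lastIndexOf("node_modules/") + 13) + "@" + pkgs[p].version);
  const walkUp = (target, tail, seen) => {
    const chain = [label(target), ...tail];
    if (target === "") return chains.push(chain);
    for (const p of Object.keys(pkgs)) {
      if (seen.has(p)) continue;
      const deps = Object.keys({ ...pkgs[p].dependencies, ...pkgs[p].optionalDependencies });
      if (deps.some((d) => resolve(pkgs, p, d) === target)) walkUp(p, chain, new Set([...seen, target]));
    }
  };
  for (const p of Object.keys(pkgs)) {
    if (p.endsWith("node_modules/" + name) && lessThan(pkgs[p].version, fixed)) walkUp(p, [], new Set());
  }
  return chains;
}

console.log(vulnerableChains(SAMPLE_LOCK, "qs", "6.2.4").map((c) => c.join(" > ")).join("\n"));
```

Against a real project, pass the parsed `package-lock.json` in place of `SAMPLE_LOCK`; an empty result means no installed `qs` is below the threshold.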