Deprecation warning for tough-cookie due to ReDos vulnerability

[codedbypaul]

Issue details

Installed browser sync just now and got the following warning:

npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130

Steps to reproduce/test case

Install browser sync from NPM.

Please specify which version of Browsersync, node and npm you're running

• Browsersync [ 2.14.0 ]
• Node [ 6.3.0 ]
• Npm [ 3.10.3 ]

Affected platforms

• linux
• windows
• OS X
• freebsd
• solaris
• other (please specify which)

[uripre]

Also happens on Windows.

Browsersync 2.14.0
Node 4.4.7
Npm 3.3.12

[kofronpi]

Also happens on Ubuntu 16.04

BrowserSync 2.16.0
Node 6.5.0
npm 3.10.3

[bbodenmiller]

Possibly related to #1170 and #1187. Still looks to be an issue. Any progress?

[shakyShane]

updating to browser-sync@2.18.4 will fix this