New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http-proxy denial of service vulnerability #1764
Comments
Patch is available now. Can somebody update http-proxy package ? |
Any movement on this? |
I got this in my project using browser-sync 2.26.7 |
What do we do now to resolve this? Feels like we are all at a crossroad with no guard at the intersection. |
+1 would also like to know whether there is a plan to fix this. |
@shakyShane Is there a chance we can get this update merged into an update? Thanks :) |
Would be great to get this merged soon :-) For now I'll set resolutions in my package.json, but would be awesome. |
Any update on this, @shakyShane? |
Just asking due to no responses but Is browser-sync dead? |
judging by latest commit, which was 14 months ago; it might be |
@kahlan88 I was thinking the same thing. Unfortunately my node app uses browsersync. Are you aware of a suitable alternative? Have you tried the forked repo requesting a pull request to fix the issue? |
You can set Like:
Re-run Hope that helps! |
@jeffschwartz I recently switched to using https://www.snowpack.dev/ for a project that had been using browsersync. I found it fairly easy to set up and it supports hot module reloading so the experience is pretty similar to browsersync but with some added bonuses like fixing up node_modules imports to work in the browser. |
@jeffschwartz if you look at #1768 - I think it's just been fixed :-) I will certainly try it tomorrow |
I was afraid that I'd have to delay the next release of my project so this is awesome news. Thanks to everyone getting this done for the community ♥👍👏. |
@kahlan88 yes, it's awesome and I will try later today and post a follow up. Thank you for your previous suggestion. |
After running npm update npm audit reports 0 issues and I can also report that the release works for me. Again, thanks to everyone who made this happen. |
Issue details
There is an open ticket for yargs-parser, but a new DOS for http-proxy showed up today:
The text was updated successfully, but these errors were encountered: