You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A cross-site request forgery vulnerability exists in axios < 1.6.0. The Prototype Kit requires axios@0.21.4 via a transitive dependency on localtunnel@2.0.2, which is itself a dependency of browser-sync@2.29.3
The vulnerability has been reported on the localtunnel GitHub repo, but the last commit on localtunnel was August 2022, so I'm not convinced this will be addressed in a timely manner.
The text was updated successfully, but these errors were encountered:
Browser-sync has now been updated (>=3.0) so that installation of localtunnel is the responsibility of the user see commit. A patched version of local tunnel has been created here.
For context on browsersync/local tunnel see here.
A cross-site request forgery vulnerability exists in axios < 1.6.0. The Prototype Kit requires axios@0.21.4 via a transitive dependency on localtunnel@2.0.2, which is itself a dependency of browser-sync@2.29.3
The vulnerability has been reported on the localtunnel GitHub repo, but the last commit on localtunnel was August 2022, so I'm not convinced this will be addressed in a timely manner.
The text was updated successfully, but these errors were encountered: