pcf-start security vulnerability dependency loop
omnisip opened this issue
Filing here since there is no place to file tickets for pcf-start that I can find.
See below. There's a security vulnerability loop for dependencies on localtunnel that will recur every time you run npm audit fix and update pcf-start. I don't know how to fix it. Issue needs to be resolved since it's a Microsoft component and a security vulnerability.
% npm audit fix
up to date, audited 1792 packages in 3s
262 packages are looking for funding
  run npm fund for details
npm audit report
axios 0.8.1 - 1.5.1
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - GHSA-wf5p-g6vw-rhxx
fix available via npm audit fix
node_modules/axios
  localtunnel >=1.9.0
  Depends on vulnerable versions of axios
  node_modules/localtunnel
    browser-sync 2.24.0-rc1 - 3.0.0-alpha.2
    Depends on vulnerable versions of localtunnel
    node_modules/browser-sync
      pcf-start >=1.11.3
      Depends on vulnerable versions of browser-sync
      node_modules/pcf-start
4 moderate severity vulnerabilities
To address all issues, run:
  npm audit fix
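
The dependency chain in the report above can be traced mechanically. The following is an added example, not part of the original issue or of any Microsoft code: it walks a constructed sample shaped like an `npm audit --json` report, finds the advisory at the root of each chain, and lists the packages whose flagged range has no upper bound. Marking pcf-start as the direct dependency is an assumption.

```javascript
// Constructed sample shaped like `npm audit --json` (auditReportVersion 2).
// Package names, ranges and the advisory title are copied from the report above;
// isDirect on pcf-start is an assumption (it is the package the project installs).
const report = {
  auditReportVersion: 2,
  vulnerabilities: {
    axios: { isDirect: false, range: "0.8.1 - 1.5.1", effects: ["localtunnel"],
      via: [{ name: "axios", title: "Axios Cross-Site Request Forgery Vulnerability" }] },
    localtunnel: { isDirect: false, range: ">=1.9.0",
      via: ["axios"], effects: ["browser-sync"] },
    "browser-sync": { isDirect: false, range: "2.24.0-rc1 - 3.0.0-alpha.2",
      via: ["localtunnel"], effects: ["pcf-start"] },
    "pcf-start": { isDirect: true, range: ">=1.11.3",
      via: ["browser-sync"], effects: [] },
  },
};

// Walk `via` from each direct dependency down to the advisory rooting the chain.
// String entries name another flagged package; object entries are advisories.
function traceChains(rep) {
  const vulns = rep.vulnerabilities;
  const chains = [];
  const walk = (name, path) => {
    if (path.includes(name) || !vulns[name]) return; // guard: cycles, missing entries
    const next = [...path, name];
    for (const v of vulns[name].via) {
      if (typeof v === "string") walk(v, next);
      else chains.push({ path: next, advisory: v.title });
    }
  };
  for (const [name, v] of Object.entries(vulns)) if (v.isDirect) walk(name, []);
  return chains;
}

// A range of the form ">=x" has no upper bound: every release from x onward,
// including the newest, is flagged, so upgrading that package cannot clear it.
function openEnded(rep) {
  return Object.entries(rep.vulnerabilities)
    .filter(([, v]) => /^>=\s*\S+$/.test(v.range))
    .map(([name]) => name);
}

for (const c of traceChains(report)) console.log(c.path.join(" > "), "|", c.advisory);
console.log("flagged in every release from the lower bound:", openEnded(report).join(", "));
```

To run it on a real project, replace `report` with the parsed output of `npm audit --json`.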
@omnisip We do not handle support issues here. Try contacting MS Support or post your question in the forums.
If you have a question about one of our code samples, let us know which sample.