Eleventy: Vulnerability with braces

Created on 23 Feb 2019 · 5Comments · Source: 11ty/eleventy

I get this warning when fiddling with npm packages for my 11ty based site. I wanted to share in case you hadn't seen it before.

screenshot

dependency

Source

bridgestew

Most helpful comment

looks like this is fixed in 2.26.4 (https://github.com/BrowserSync/browser-sync/releases).

kleinfreund on 24 Apr 2019

❤3 👍2

All 5 comments

This should be fixed when this PR gets merged in browser-sync:
https://github.com/BrowserSync/browser-sync/pull/1659

alex-page on 24 Feb 2019

😄1 👍1

Waiting on a new browser-sync version to fix this. For the record, because Eleventy only runs at build time, there shouldn’t be any exposure here. https://www.npmjs.com/advisories/786

zachleat on 8 Mar 2019

Or https://github.com/BrowserSync/browser-sync/pull/1648 or https://github.com/BrowserSync/browser-sync/pull/1671

zachleat on 16 Mar 2019

👀2

For the record, nunjucks and browser-snyc have an additional vuln in https://www.npmjs.com/advisories/534.

Ryuno-Ki on 16 Mar 2019

looks like this is fixed in 2.26.4 (https://github.com/BrowserSync/browser-sync/releases).

kleinfreund on 24 Apr 2019

❤3 👍2

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Reading eleventyConfig in *.js Global Data Files

michrome · 3Comments

Can you query a post tag from a template?

aaronstezycki · 3Comments

Feature request: Treat any *.11tydata.js file as a directory data file.

robdodson · 3Comments

TypeError: Expected a non-empty string

zachleat · 3Comments

Also look for eleventy.js or eleventy.config.js configuration files by default

zachleat · 3Comments