You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your enhancement related to a problem? Please describe.
BrowserSync doesn’t seem to be actively maintained anymore and also has a severe vulnerability (engine.io) and there’s no way for us to update the dependency with the security vulnerability.
Now that #150 is merged and provides a much better experience. We should remove browser-sync from 10up-toolkit.
The proper way to do this would be to cut a major release but I m also not sure how actively BrowserSync is being used across 10up engineers.
Designs
No response
Describe alternatives you've considered
Remove browser-sync in the next minor version release but still provide an easy way to opt-in by manually installing BrowserSync. 10up-toolkit would then detect if the package was installed and then run browser sync in watch mode.
#159 removes it but still supports it if the packages are installed at the project level. I like this idea because it removes a problematic package with known high severe security issues while still providing an easy way for projects to get it working in case they can't migrate to --hot immediately.
Is your enhancement related to a problem? Please describe.
BrowserSync doesn’t seem to be actively maintained anymore and also has a severe vulnerability (engine.io) and there’s no way for us to update the dependency with the security vulnerability.
Now that #150 is merged and provides a much better experience. We should remove browser-sync from 10up-toolkit.
The proper way to do this would be to cut a major release but I m also not sure how actively BrowserSync is being used across 10up engineers.
Designs
No response
Describe alternatives you've considered
Remove browser-sync in the next minor version release but still provide an easy way to opt-in by manually installing BrowserSync. 10up-toolkit would then detect if the package was installed and then run browser sync in watch mode.
#159 removes it but still supports it if the packages are installed at the project level. I like this idea because it removes a problematic package with known high severe security issues while still providing an easy way for projects to get it working in case they can't migrate to
--hot
immediately.Thoughts @joesnellpdx and @devinle
Code of Conduct
The text was updated successfully, but these errors were encountered: