4 high severity vulnerabilities when installing browser-sync

[stratboy]

Issue details

4 high severity vulnerabilities

Steps to reproduce/test case

just npm install browser-sync: you'll get that warning

[cjfloss]

# npm audit report

engine.io  <4.0.0
Severity: high
Resource exhaustion in engine.io  - https://github.com/advisories/GHSA-j4f2-536g-r55m
fix available via `npm audit fix --force`
Will install browser-sync@0.9.1, which is a breaking change
node_modules/engine.io
  socket.io  1.0.0-pre - 2.4.1
  Depends on vulnerable versions of engine.io
  node_modules/socket.io
    browser-sync  >=1.0.0
    Depends on vulnerable versions of socket.io
    node_modules/browser-sync
      browser-sync-webpack-plugin  >=0.1.2
      Depends on vulnerable versions of browser-sync
      node_modules/browser-sync-webpack-plugin

4 high severity vulnerabilities

[lachieh]

Duplicate issue. See #1850 for original.