[Snyk] Upgrade gulp from 4.0.0 to 4.0.2 #2

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

merge advice

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released a year ago, on 2019-05-06.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary File Overwrite (SNYK-JS-TAR-174125) | 405/1000 (Why? CVSS 8.1) | No Known Exploit |
| | Prototype Pollution (SNYK-JS-SETVALUE-450213) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-SETVALUE-450213) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MIXINDEEP-450212) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Time of Check Time of Use (TOCTOU) (npm:chownr:20180731) | 405/1000 (Why? CVSS 8.1) | No Known Exploit |
| | Prototype Pollution (SNYK-JS-YARGSPARSER-560381) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MINIMIST-559764) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MINIMIST-559764) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Information Exposure (SNYK-JS-KINDOF-537849) | 405/1000 (Why? CVSS 8.1) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: gulp
  • 4.0.2 - 2019-05-06

    Fix

    Docs

    • Add notes about esm support (4091bd3) - Closes #2278
    • Fix the Negative Globs section & examples (3c66d95) - Closes #2297
    • Remove next tag from recipes (1693a11) - Closes #2277
    • Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
    • Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
    • Fix typo in Explaining Globs (5d81f42) - Closes #2326

    Build

    • Add node 12 to Travis & Azure (b4b5a68)
  • 4.0.1 - 2019-04-21

    Fix

    Docs

    • Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
    • Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
    • Improve recipe for empty glob array (45830cf) - Closes #2122
    • Reword standard to default (b065a13)
    • Fix recipe typo (86acdea) - Closes #2156
    • Add front-matter to each file (d693e49) - Closes #2109
    • Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
    • Add "Creating Tasks" documentation (21b6962)
    • Add "JavaScript and Gulpfiles" documentation (31adf07)
    • Add "Working with Files" documentation (50fafc6)
    • Add "Async Completion" documentation (ad8b568)
    • Add "Explaining Globs" documentation (f8cafa0)
    • Add "Using Plugins" documentation (233c3f9)
    • Add "Watching Files" documentation (f3f2d9f)
    • Add Table of Contents to "Getting Started" directory (a43caf2)
    • Improve & fix parts of Getting Started (84b0234)
    • Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
    • Redirect users to new Getting Started guides (53e9727)
    • Temporarily reference gulp@next in Quick Start (2cecf1e)
    • Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
    • Use h2 headers within Quick Start documentation (921312c) - Closes #2241
    • Fix for nested directories references (4c2b9a7)
    • Add some more cleanup for Docusaurus (6a8fd8f)
    • Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
    • API documentation improvements based on feedback (0a68710)
    • Update API Table of Contents (d6dd438)
    • Add API Concepts documentation (8dd3361)
    • Add Vinyl.isCustomProp() documentation (40ee801)
    • Add Vinyl.isVinyl() documentation (25a22bf)
    • Add Vinyl documentation (fc09067)
    • Update watch() documentation (69c22f0)
    • Update tree() documentation (ebb9818)
    • Update task() documentation (b636a9c)
    • Update symlink() documentation (d580efa)
    • Update src() documentation (d95b457)
    • Update series() documentation (4169cb6)
    • Update registry() documentation (d680487)
    • Update parallel() documentation (dc3cba7)
    • Update lastRun() documentation (363df21)
    • Update dest() documentation (e447d81)
    • Split API docs into separate markdown files (a3b8ce1)
    • Fix hash link (af4bd51)
    • Replace some links in Getting Started (c433c70)
    • Remove temporary workaround for facebook/docusaurus#257 (5c07954) - Closes facebook/Docusaurus#257
    • Added code ticks to "null" where missing (cb67319) - Closes #2243
    • Fix broken link in lastRun (d35653e)
    • Add front-matter to documentation-missing page (a553cfd)
    • Improve grammar on Concepts (01cfcc5) - Closes #2247
    • Remove spaces around (c960c1d)
    • Improve grammar in src (eb493a2) - Closes #2248
    • Fix formatting error (ca6ba35) - Closes #2250
    • Fix formatting of lastRun (8569f85) - Closes #2251
    • Add missing link in watch (e35bdac) - Closes #2252
    • Fix broken link in tasks (6d43750) - Closes #2253
    • Improve punctuation in tree (8e9fd70) - Closes #2254
    • Fix mistake in "Splitting a gulpfile" (96c353d) - Closes #2255
    • Remove front-matter from outdated pages (c5af6f1)
    • Fix broken link in Table of Contents (c641369) - Closes #2260
    • Update the babel dependencies to install & configuration needed (7239cf1) - Closes #2136
    • Add "What's new in 4.0" section (75ea634) - Closes #2089 #2267
    • Cleanup README for "latest" bump (24e202b) - Closes #2268
    • Revert "next" reference now that 4.0 is latest (ed27cbe)
    • Add Azure Pipelines badge (f3f0548) - Closes #2310
    • Add note about transpilation to "Splitting a Gulpfile" section (53b9037) - Closes #2311 #2312
    • Improve wording of file rename (88437f2) - Closes #2314

    Upgrade

    • Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep (d3734d3)

    Build

    • Add node 10 to CI matrices (a5eac1c)
    • Remove jscs & update eslint for code formatting rules (ad8a2f7)
    • Fix Azure comment (34a6d53) - Closes #2307
    • Add Azure Pipelines CI (b2c6c7e) - Closes #2299

    Scaffold

    • Mark *.png and *.jpg as binary files to git (a010db6)
    • Update some links and license year (1027236)
    • Add tidelift configuration (49b5aca)
    • Add new expense policy (9819957)
    • Add support-bot template (9078c49)
  • 4.0.0 - 2018-01-01

    Update

    • Remove graceful-fs from test suite (f27be05)

    Docs

    • Remove references to gulp-util (fbc162f)
    • Fix the installation instructions (173a532)
    • Improve note about out-of-date docs (ec54d09)
    • Update recipes to install gulp@next (03b7c98)
    • Remove run-sequence from recipes (2eba29e)
    • Add installation instructions & update badges (76eb4d6)

    Upgrade

    Build

    Scaffold

from gulp GitHub release notes


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
