Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade gulp-cli from 2.0.1 to 2.3.0 #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade gulp-cli from 2.0.1 to 2.3.0 #3

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade gulp-cli from 2.0.1 to 2.3.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a year ago, on 2020-06-04.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-Y18N-1021887		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIM-1017038		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Arbitrary Code Execution
SNYK-JS-THENIFY-571690		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Arbitrary File Overwrite
SNYK-JS-TAR-174125		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-SETVALUE-450213		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Use After Free
SNYK-JS-NODESASS-535497		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-MOUT-1014544		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-MIXINDEEP-450212		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASHMERGEWITH-174136		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-608086		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-LODASH-590103		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-450202		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Command Injection
SNYK-JS-LODASH-1040724		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Arbitrary Code Execution
SNYK-JS-JSYAML-174129		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-INI-1048974		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Arbitrary File Overwrite
SNYK-JS-FSTREAM-174725		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Cryptographic Issues
SNYK-JS-ELLIPTIC-571484		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Prototype Pollution
SNYK-JS-COPYPROPS-1082870		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Remote Memory Exposure
SNYK-JS-BL-608877		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-AJV-584908		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Denial of Service (DoS)
SNYK-JS-NODESASS-542662		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Prototype Pollution
SNYK-JS-LODASH-567746		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Denial of Service (DoS)
SNYK-JS-JSYAML-173999		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Denial of Service (DoS)
SNYK-JS-HTTPPROXY-569139		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Timing Attack
SNYK-JS-ELLIPTIC-511941		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Cryptographic Issues
SNYK-JS-ELLIPTIC-1064899		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Open Redirect
SNYK-JS-ECSTATIC-174543		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 No Known Exploit
Arbitrary File Write via Archive Extraction (Zip Slip)
SNYK-JS-DECOMPRESSTAR-559095		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip)
SNYK-JS-DECOMPRESS-557358		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-BROWSERSLIST-1090194		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept
Validation Bypass
SNYK-JS-KINDOF-537849		 472/1000
Why? Proof of Concept exploit, CVSS 7.3		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: gulp-cli
  • 2.3.0 - 2020-06-04

    New

    • Support ESM w/ mjs extension where available (c9e9125) - Closes #214

    Build

    • Add node 12/14 to matrix (79356a4)
  • 2.2.1 - 2020-05-20

    Fix

    • Avoid recommending npm if yarn should be used (c1b261c) - Closes #158
    • Avoid false positive reporting of sync tasks on errors (d827191) - Closes #162 #204
    • Support Windows extended-length paths with path.join (8570b0c) - Closes #200 #201
    • Use the raw GitHub URL for old blacklist (a3d52f2)

    Scaffold

    • Update gulp website links to https (d0cf312) - Closes #198
  • 2.2.0 - 2019-04-20

    New

    Build

    • Improve tests and raise coverage (2d8a320) - Closes #190
  • 2.1.0 - 2019-03-26

    Fix

    • Log requireFail results in yellow on stdout instead of red on stderr (e9af812) - Closes #142 #151
    • Allow gulpfiles specified by .gulp.* to register a loader (be9d25a) - Closes #181
    • Suppress logging when --tasks-json, --help, --version flag is specified (a4236f2) - Closes #157 #159
    • Prioritize CLI flags over config file properties (1b80d67) - Closes #185

    New

    • Support flags.require config option (33e14d7) - Closes #108 #167 #183
    • Tailor message when local gulp is missing (c5a800c) - Closes #155
    • Support flags.nodeFlags config option (ad18c27)

    Update

    • Surface errors from modules loaded by --require flag (7d9d1a0) - Closes #176
    • Pass updated eslint rules (4ab4aed)

    Upgrade

    • Update liftoff & devDependencies (6766634)

    Build

    • Improve AppVeyor & Travis config (9a8a136)
    • Add test for v8flags (927e055)

    Scaffold

  • 2.0.1 - 2018-01-22

    Fix

    Update

    • Fix line endings of fixtures (49203c8)

    Upgrade

    • Update fancy-log, interpret, liftoff, semver-greatest-satisfied-range & devDependencies (1ba6095)

    Scaffold

    • Disable npm package-lock.json with npmrc (ad55dc2)
from gulp-cli GitHub release notes
Commit messages
Package name: gulp-cli
  • 726c6ed Release: 2.3.0
  • 79356a4 Build: Add node 12/14 to matrix
  • c9e9125 New: Support ESM w/ mjs extension where available (#214)
  • e2d7bce Release: 2.2.1
  • c1b261c Fix: Avoid recommending npm if yarn should be used (#158)
  • d827191 Fix: Avoid false positive reporting of sync tasks on errors (fixes #162) (#204)
  • 8570b0c Fix: Support Windows extended-length paths with path.join (fixes #200) (#201)
  • a3d52f2 Fix: Use the raw GitHub URL for old blacklist
  • d0cf312 Scaffold: Update gulp website links to https (#198)
  • ef58c59 Release: 2.2.0
  • 190aaeb New: Honor displayName in ESM exports (closes Decamelize tasks created by ES module exports gulpjs/gulp#2270) (#189)
  • 2d8a320 Build: Improve tests and raise coverage (#190)
  • 12a022a Release: 2.1.0
  • c5a800c New: Tailor message when local gulp is missing (#155)
  • 927e055 Build: Add test for v8flags
  • ad18c27 New: Support `flags.nodeFlags` config option
  • 1b80d67 Fix: Prioritize CLI flags over config file properties (fixes #185)
  • 33e14d7 New: Support `flags.require` config option (closes #108, closes #167) (#183)
  • a4236f2 Fix: Suppress logging when `--tasks-json`, `--help`, `--version` flag is specified (closes #157) (#159)
  • be9d25a Fix: Allow gulpfiles specified by .gulp.* to register a loader (fixes #181)
  • 9a8a136 Build: Improve AppVeyor & Travis config
  • 4ab4aed Update: Pass updated eslint rules
  • ef7def3 Scaffold: Remove jscs
  • 6766634 Upgrade: Update liftoff & devDependencies

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Decamelize tasks created by ES module exports
1 participant
@snyk-bot