-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update gulp packages to address vulnerability #3343
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
package.json
Outdated
"gulp-coveralls": "^0.1.4", | ||
"gulp-eslint": "^4.0.0", | ||
"gulp-footer": "^1.0.5", | ||
"gulp-footer": "github:jsnellbaker/gulp-footer#master", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's fork this into prebid
github account so it's not tied to a particular user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
made the the update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one small change otherwise LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* update gulp packages to address vulnerability * some minor cleanup in the gulpfile tasks * replace the fork used for gulp-footer
* update gulp packages to address vulnerability * some minor cleanup in the gulpfile tasks * replace the fork used for gulp-footer
* update gulp packages to address vulnerability * some minor cleanup in the gulpfile tasks * replace the fork used for gulp-footer
Type of change
Description of change
Fix for #3330
Update some gulp packages that had a vulnerable dependency and replace the
gulp-connect
withgulp-webserver
.Some context on the replacement:
When we replaced the
gulp-connect
package with a forked version that had the vulnerability fix - we were seeing errors that thegulp-connect
module couldn't be found whenever we run any gulp commands. Thenpm install
showed no errors and thegulp-connect
seemed to setup correctly in thenode_modules
; it was unclear why this wouldn't work. So we opted to find a different package that met the same need.