Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade gulp from 4.0.0 to 4.0.2 #604

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

NOUIY
Copy link
Owner

@NOUIY NOUIY commented May 18, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released 5 years ago, on 2019-05-06.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-SETVALUE-1540541
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-1540541
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Prototype Pollution
SNYK-JS-SETVALUE-450213
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Prototype Pollution
SNYK-JS-MIXINDEEP-450212
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Prototype Pollution
SNYK-JS-COPYPROPS-1082870
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ES5EXT-6095076
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Prototype Pollution
SNYK-JS-INI-1048974
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Time of Check Time of Use (TOCTOU)
npm:chownr:20180731
434/1000
Why? Has a fix available, CVSS 4.4
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept
Validation Bypass
SNYK-JS-KINDOF-537849
434/1000
Why? Has a fix available, CVSS 4.4
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: gulp
  • 4.0.2 - 2019-05-06

    Fix

    Docs

    • Add notes about esm support (4091bd3) - Closes #2278
    • Fix the Negative Globs section & examples (3c66d95) - Closes #2297
    • Remove next tag from recipes (1693a11) - Closes #2277
    • Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
    • Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
    • Fix typo in Explaining Globs (5d81f42) - Closes #2326

    Build

    • Add node 12 to Travis & Azure (b4b5a68)
  • 4.0.1 - 2019-04-21

    Fix

    Docs

    • Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
    • Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
    • Improve recipe for empty glob array (45830cf) - Closes #2122
    • Reword standard to default (b065a13)
    • Fix recipe typo (86acdea) - Closes #2156
    • Add front-matter to each file (d693e49) - Closes #2109
    • Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
    • Add "Creating Tasks" documentation (21b6962)
    • Add "JavaScript and Gulpfiles" documentation (31adf07)
    • Add "Working with Files" documentation (50fafc6)
    • Add "Async Completion" documentation (ad8b568)
    • Add "Explaining Globs" documentation (f8cafa0)
    • Add "Using Plugins" documentation (233c3f9)
    • Add "Watching Files" documentation (f3f2d9f)
    • Add Table of Contents to "Getting Started" directory (a43caf2)
    • Improve & fix parts of Getting Started (84b0234)
    • Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
    • Redirect users to new Getting Started guides (53e9727)
    • Temporarily reference gulp@next in Quick Start (2cecf1e)
    • Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
    • Use h2 headers within Quick Start documentation (921312c) - Closes #2241
    • Fix for nested directories references (4c2b9a7)
    • Add some more cleanup for Docusaurus (6a8fd8f)
    • Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
    • API documentation improvements based on feedback (0a68710)
    • Update API Table of Contents (d6dd438)
    • Add API Concepts documentation (8dd3361)
    • Add Vinyl.isCustomProp() documentation (40ee801)
    • Add Vinyl.isVinyl() documentation (25a22bf)
    • Add Vinyl documentation (fc09067)
    • Update watch() documentation (69c22f0)
    • Update tree() documentation (ebb9818)
    • Update task() documentation (b636a9c)
    • Update symlink() documentation (d580efa)
    • Update src() documentation (d95b457)
    • Update series() documentation (4169cb6)
    • Update registry() documentation (d680487)
    • Update parallel() documentation (dc3cba7)
    • Update lastRun() documentation (363df21)
    • Update dest() documentation (e447d81)
    • Split API docs into separate markdown files (a3b8ce1)
    • Fix hash link (af4bd51)
    • Replace some links in Getting Started (c433c70)
    • Remove temporary workaround for facebook/docusaurus#257 (5c07954) - Closes facebook/Docusaurus#257
    • Added code ticks to "null" where missing (cb67319) - Closes #2243
    • Fix broken link in lastRun (d35653e)
    • Add front-matter to documentation-missing page (a553cfd)
    • Improve grammar on Concepts (01cfcc5) - Closes #2247
    • Remove spaces around
      (c960c1d)
    • Improve grammar in src (eb493a2) - Closes #2248
    • Fix formatting error (ca6ba35) - Closes #2250
    • Fix formatting of lastRun (8569f85) - Closes #2251
    • Add missing link in watch (e35bdac) - Closes #2252
    • Fix broken link in tasks (6d43750) - Closes #2253
    • Improve punctuation in tree (8e9fd70) - Closes #2254
    • Fix mistake in "Splitting a gulpfile" (96c353d) - Closes #2255
    • Remove front-matter from outdated pages (c5af6f1)
    • Fix broken link in Table of Contents (c641369) - Closes #2260
    • Update the babel dependencies to install & configuration needed (7239cf1) - Closes #2136
    • Add "What's new in 4.0" section (75ea634) - Closes #2089 #2267
    • Cleanup README for "latest" bump (24e202b) - Closes #2268
    • Revert "next" reference now that 4.0 is latest (ed27cbe)
    • Add Azure Pipelines badge (f3f0548) - Closes #2310
    • Add note about transpilation to "Splitting a Gulpfile" section (53b9037) - Closes #2311 #2312
    • Improve wording of file rename (88437f2) - Closes #2314

    Upgrade

    • Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep (d3734d3)

    Build

    • Add node 10 to CI matrices (a5eac1c)
    • Remove jscs & update eslint for code formatting rules (ad8a2f7)
    • Fix Azure comment (34a6d53) - Closes #2307
    • Add Azure Pipelines CI (b2c6c7e) - Closes #2299

    Scaffold

    • Mark *.png and *.jpg as binary files to git (a010db6)
    • Update some links and license year (1027236)
    • Add tidelift configuration (49b5aca)
    • Add new expense policy (9819957)
    • Add support-bot template (9078c49)
  • 4.0.0 - 2018-01-01

    Update

    • Remove graceful-fs from test suite (f27be05)

    Docs

    • Remove references to gulp-util (fbc162f)
    • Fix the installation instructions (173a532)
    • Improve note about out-of-date docs (ec54d09)
    • Update recipes to install gulp@next (03b7c98)
    • Remove run-sequence from recipes (2eba29e)
    • Add installation instructions & update badges (76eb4d6)

    Upgrade

    Build

    Scaffold

from gulp GitHub release notes
Commit messages
Package name: gulp
  • 069350a Release: 4.0.2
  • b4b5a68 Build: Add node 12 to Travis & Azure
  • 5667666 Fix: Bind src/dest/symlink to the gulp instance to support esm exports (ref [Question] Why does import require functions on the prototype to be bound to the instance? standard-things/esm#797)
  • 4091bd3 Docs: Add notes about esm support (closes #2278)
  • 3c66d95 Docs: Fix the Negative Globs section & examples (closes #2297)
  • 1693a11 Docs: Remove next tag from recipes (closes #2277)
  • d916276 Docs: Add default task wrappers to Watching Files examples to make runnable (ref #2322)
  • ea52a92 Docs: Fix syntax error in lastRun API docs (closes #2315)
  • 5d81f42 Docs: Fix typo in Explaining Globs (#2326)
  • ea3bba4 Release: 4.0.1
  • d3734d3 Upgrade: Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep
  • 88437f2 Docs: Improve wording of file rename (#2314)
  • 53b9037 Docs: Add note about transpilation to "Splitting a Gulpfile" section (closes #2311) (#2312)
  • f3f0548 Docs: Add Azure Pipelines badge (#2310)
  • 34a6d53 Build: Fix Azure comment (#2307)
  • b2c6c7e Build: Add Azure Pipelines CI (#2299)
  • ed27cbe Docs: Revert "next" reference now that 4.0 is latest
  • 24e202b Docs: Cleanup README for "latest" bump (#2268)
  • 75ea634 Docs: Add "What's new in 4.0" section (closes #2089) (#2267)
  • 9078c49 Scaffold: Add support-bot template
  • 7239cf1 Docs: Update the babel dependencies to install & configuration needed (closes #2136)
  • c641369 Docs: Fix broken link in Table of Contents (#2260)
  • 9819957 Scaffold: Add new expense policy
  • c5af6f1 Docs: Remove front-matter from outdated pages

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

See this package in npm:
gulp

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/61b026bd-7498-48dc-a9b7-72a021d779c3?utm_source=github&utm_medium=referral&page=upgrade-pr
Copy link

guardrails bot commented May 18, 2024

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
Severity Details
Critical pkg:npm/[email protected] upgrade to: > 4.0.2

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment