Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade gulp from 4.0.0 to 4.0.2 #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 6 months ago, on 2019-05-06.

The recommended version fixes:

Severity Title Issue ID
Prototype Pollution SNYK-JS-MIXINDEEP-450212
Prototype Pollution SNYK-JS-SETVALUE-450213
Prototype Pollution SNYK-JS-SETVALUE-450213
Arbitrary File Overwrite SNYK-JS-TAR-174125
Time of Check Time of Use (TOCTOU) npm:chownr:20180731
Release notes
  • Package name: gulp
    • 4.0.2 - 2019-05-06

      Fix

      Docs

      • Add notes about esm support (4091bd3) - Closes #2278
      • Fix the Negative Globs section & examples (3c66d95) - Closes #2297
      • Remove next tag from recipes (1693a11) - Closes #2277
      • Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
      • Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
      • Fix typo in Explaining Globs (5d81f42) - Closes #2326

      Build

      • Add node 12 to Travis & Azure (b4b5a68)
    • 4.0.1 - 2019-04-21

      Fix

      Docs

      • Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
      • Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
      • Improve recipe for empty glob array (45830cf) - Closes #2122
      • Reword standard to default (b065a13)
      • Fix recipe typo (86acdea) - Closes #2156
      • Add front-matter to each file (d693e49) - Closes #2109
      • Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
      • Add "Creating Tasks" documentation (21b6962)
      • Add "JavaScript and Gulpfiles" documentation (31adf07)
      • Add "Working with Files" documentation (50fafc6)
      • Add "Async Completion" documentation (ad8b568)
      • Add "Explaining Globs" documentation (f8cafa0)
      • Add "Using Plugins" documentation (233c3f9)
      • Add "Watching Files" documentation (f3f2d9f)
      • Add Table of Contents to "Getting Started" directory (a43caf2)
      • Improve & fix parts of Getting Started (84b0234)
      • Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
      • Redirect users to new Getting Started guides (53e9727)
      • Temporarily reference gulp@next in Quick Start (2cecf1e)
      • Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
      • Use h2 headers within Quick Start documentation (921312c) - Closes #2241
      • Fix for nested directories references (4c2b9a7)
      • Add some more cleanup for Docusaurus (6a8fd8f)
      • Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
      • API documentation improvements based on feedback (0a68710)
      • Update API Table of Contents (d6dd438)
      • Add API Concepts documentation (8dd3361)
      • Add Vinyl.isCustomProp() documentation (40ee801)
      • Add Vinyl.isVinyl() documentation (25a22bf)
      • Add Vinyl documentation (fc09067)
      • Update watch() documentation (69c22f0)
      • Update tree() documentation (ebb9818)
      • Update task() documentation (b636a9c)
      • Update symlink() documentation (d580efa)
      • Update src() documentation (d95b457)
      • Update series() documentation (4169cb6)
      • Update registry() documentation (d680487)
      • Update parallel() documentation (dc3cba7)
      • Update lastRun() documentation (363df21)
      • Update dest() documentation (e447d81)
      • Split API docs into separate markdown files (a3b8ce1)
      • Fix hash link (af4bd51)
      • Replace some links in Getting Started (c433c70)
      • Remove temporary workaround for facebook/docusaurus#257 (5c07954) - Closes facebook/Docusaurus#257
      • Added code ticks to "null" where missing (cb67319) - Closes #2243
      • Fix broken link in lastRun (d35653e)
      • Add front-matter to documentation-missing page (a553cfd)
      • Improve grammar on Concepts (01cfcc5) - Closes #2247
      • Remove spaces around
        (c960c1d)
      • Improve grammar in src (eb493a2) - Closes #2248
      • Fix formatting error (ca6ba35) - Closes #2250
      • Fix formatting of lastRun (8569f85) - Closes #2251
      • Add missing link in watch (e35bdac) - Closes #2252
      • Fix broken link in tasks (6d43750) - Closes #2253
      • Improve punctuation in tree (8e9fd70) - Closes #2254
      • Fix mistake in "Splitting a gulpfile" (96c353d) - Closes #2255
      • Remove front-matter from outdated pages (c5af6f1)
      • Fix broken link in Table of Contents (c641369) - Closes #2260
      • Update the babel dependencies to install & configuration needed (7239cf1) - Closes #2136
      • Add "What's new in 4.0" section (75ea634) - Closes #2089 #2267
      • Cleanup README for "latest" bump (24e202b) - Closes #2268
      • Revert "next" reference now that 4.0 is latest (ed27cbe)
      • Add Azure Pipelines badge (f3f0548) - Closes #2310
      • Add note about transpilation to "Splitting a Gulpfile" section (53b9037) - Closes #2311 #2312
      • Improve wording of file rename (88437f2) - Closes #2314

      Upgrade

      • Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep (d3734d3)

      Build

      • Add node 10 to CI matrices (a5eac1c)
      • Remove jscs & update eslint for code formatting rules (ad8a2f7)
      • Fix Azure comment (34a6d53) - Closes #2307
      • Add Azure Pipelines CI (b2c6c7e) - Closes #2299

      Scaffold

      • Mark *.png and *.jpg as binary files to git (a010db6)
      • Update some links and license year (1027236)
      • Add tidelift configuration (49b5aca)
      • Add new expense policy (9819957)
      • Add support-bot template (9078c49)
    • 4.0.0 - 2018-01-01

      Update

      • Remove graceful-fs from test suite (f27be05)

      Docs

      • Remove references to gulp-util (fbc162f)
      • Fix the installation instructions (173a532)
      • Improve note about out-of-date docs (ec54d09)
      • Update recipes to install gulp@next (03b7c98)
      • Remove run-sequence from recipes (2eba29e)
      • Add installation instructions & update badges (76eb4d6)

      Upgrade

      Build

      Scaffold

  • from [`gulp` GitHub Release Notes](https://github.com/gulpjs/gulp/releases)
------------

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment