[Snyk] Upgrade: gulp, gulp-connect, gulp-replace, js-yaml #844
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- gulp from 4.0.0 to 4.0.2.
See this package in npm: https://www.npmjs.com/package/gulp
- gulp-connect from 5.5.0 to 5.7.0.
See this package in npm: https://www.npmjs.com/package/gulp-connect
- gulp-replace from 0.5.4 to 0.6.1.
See this package in npm: https://www.npmjs.com/package/gulp-replace
- js-yaml from 3.10.0 to 3.14.1.
See this package in npm: https://www.npmjs.com/package/js-yaml
See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/61b026bd-7498-48dc-a9b7-72a021d779c3?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
gulp
from 4.0.0 to 4.0.2 | 2 versions ahead of your current version | 5 years ago
on 2019-05-06
gulp-connect
from 5.5.0 to 5.7.0 | 2 versions ahead of your current version | 6 years ago
on 2018-12-06
gulp-replace
from 0.5.4 to 0.6.1 | 2 versions ahead of your current version | 7 years ago
on 2017-06-20
js-yaml
from 3.10.0 to 3.14.1 | 8 versions ahead of your current version | 4 years ago
on 2020-12-07
Issues fixed by the recommended upgrade:
SNYK-JS-MIXINDEEP-450212
SNYK-JS-INI-1048974
SNYK-JS-JSYAML-174129
SNYK-JS-SETVALUE-450213
SNYK-JS-SETVALUE-1540541
SNYK-JS-SETVALUE-450213
npm:qs:20170213
npm:qs:20170213
SNYK-JS-SETVALUE-1540541
SNYK-JS-BODYPARSER-7926860
SNYK-JS-COPYPROPS-1082870
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-ES5EXT-6095076
SNYK-JS-WEBSOCKETEXTENSIONS-570623
npm:fresh:20170908
SNYK-JS-JSYAML-173999
SNYK-JS-PATHPARSE-1077067
npm:chownr:20180731
npm:debug:20170905
SNYK-JS-KINDOF-537849
npm:mime:20170907
npm:ms:20170412
Release notes
Package name: gulp
-
4.0.2 - 2019-05-06
- Bind src/dest/symlink to the gulp instance to support esm exports (5667666) - Ref standard-things/esm#797
- Add notes about esm support (4091bd3) - Closes #2278
- Fix the Negative Globs section & examples (3c66d95) - Closes #2297
- Remove next tag from recipes (1693a11) - Closes #2277
- Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
- Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
- Fix typo in Explaining Globs (5d81f42) - Closes #2326
- Add node 12 to Travis & Azure (b4b5a68)
-
4.0.1 - 2019-04-21
- Temporary workaround for facebook/docusaurus#257 (9f4a2e9) - Closes facebook/Docusaurus#257
- Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
- Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
- Improve recipe for empty glob array (45830cf) - Closes #2122
- Reword standard to default (b065a13)
- Fix recipe typo (86acdea) - Closes #2156
- Add front-matter to each file (d693e49) - Closes #2109
- Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
- Add "Creating Tasks" documentation (21b6962)
- Add "JavaScript and Gulpfiles" documentation (31adf07)
- Add "Working with Files" documentation (50fafc6)
- Add "Async Completion" documentation (ad8b568)
- Add "Explaining Globs" documentation (f8cafa0)
- Add "Using Plugins" documentation (233c3f9)
- Add "Watching Files" documentation (f3f2d9f)
- Add Table of Contents to "Getting Started" directory (a43caf2)
- Improve & fix parts of Getting Started (84b0234)
- Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
- Redirect users to new Getting Started guides (53e9727)
- Temporarily reference gulp@next in Quick Start (2cecf1e)
- Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
- Use h2 headers within Quick Start documentation (921312c) - Closes #2241
- Fix for nested directories references (4c2b9a7)
- Add some more cleanup for Docusaurus (6a8fd8f)
- Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
- API documentation improvements based on feedback (0a68710)
- Update API Table of Contents (d6dd438)
- Add API Concepts documentation (8dd3361)
- Add Vinyl.isCustomProp() documentation (40ee801)
- Add Vinyl.isVinyl() documentation (25a22bf)
- Add Vinyl documentation (fc09067)
- Update watch() documentation (69c22f0)
- Update tree() documentation (ebb9818)
- Update task() documentation (b636a9c)
- Update symlink() documentation (d580efa)
- Update src() documentation (d95b457)
- Update series() documentation (4169cb6)
- Update registry() documentation (d680487)
- Update parallel() documentation (dc3cba7)
- Update lastRun() documentation (363df21)
- Update dest() documentation (e447d81)
- Split API docs into separate markdown files (a3b8ce1)
- Fix hash link (af4bd51)
- Replace some links in Getting Started (c433c70)
- Remove temporary workaround for facebook/docusaurus#257 (5c07954) - Closes facebook/Docusaurus#257
- Added code ticks to "null" where missing (cb67319) - Closes #2243
- Fix broken link in lastRun (d35653e)
- Add front-matter to documentation-missing page (a553cfd)
- Improve grammar on Concepts (01cfcc5) - Closes #2247
- Remove spaces around
- Improve grammar in src (eb493a2) - Closes #2248
- Fix formatting error (ca6ba35) - Closes #2250
- Fix formatting of lastRun (8569f85) - Closes #2251
- Add missing link in watch (e35bdac) - Closes #2252
- Fix broken link in tasks (6d43750) - Closes #2253
- Improve punctuation in tree (8e9fd70) - Closes #2254
- Fix mistake in "Splitting a gulpfile" (96c353d) - Closes #2255
- Remove front-matter from outdated pages (c5af6f1)
- Fix broken link in Table of Contents (c641369) - Closes #2260
- Update the babel dependencies to install & configuration needed (7239cf1) - Closes #2136
- Add "What's new in 4.0" section (75ea634) - Closes #2089 #2267
- Cleanup README for "latest" bump (24e202b) - Closes #2268
- Revert "next" reference now that 4.0 is latest (ed27cbe)
- Add Azure Pipelines badge (f3f0548) - Closes #2310
- Add note about transpilation to "Splitting a Gulpfile" section (53b9037) - Closes #2311 #2312
- Improve wording of file rename (88437f2) - Closes #2314
- Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep (d3734d3)
- Add node 10 to CI matrices (a5eac1c)
- Remove jscs & update eslint for code formatting rules (ad8a2f7)
- Fix Azure comment (34a6d53) - Closes #2307
- Add Azure Pipelines CI (b2c6c7e) - Closes #2299
- Mark *.png and *.jpg as binary files to git (a010db6)
- Update some links and license year (1027236)
- Add tidelift configuration (49b5aca)
- Add new expense policy (9819957)
- Add support-bot template (9078c49)
-
4.0.0 - 2018-01-01
- Remove graceful-fs from test suite (f27be05)
- Remove references to gulp-util (fbc162f)
- Fix the installation instructions (173a532)
- Improve note about out-of-date docs (ec54d09)
- Update recipes to install gulp@next (03b7c98)
- Remove run-sequence from recipes (2eba29e)
- Add installation instructions & update badges (76eb4d6)
- Update glob-watcher (361ab63)
- Avoid broken node 9 (064d100)
- Normalize repository (3011cf9)
from gulp GitHub release notesFix
Docs
Build
Fix
Docs
(c960c1d)
Upgrade
Build
Scaffold
Update
Docs
Upgrade
Build
Scaffold
Package name: gulp-connect
-
5.7.0 - 2018-12-06
-
5.6.1 - 2018-08-28
-
5.5.0 - 2018-02-22
from gulp-connect GitHub release notesNo content.
No content.
No content.
Package name: gulp-replace
-
0.6.1 - 2017-06-20
- Fixed file object not being updated for subsequent files
-
0.6.0 - 2017-06-20
- Added
- Updated version of concat-stream to avoid vulnerability, thanks to @ faust64
- Added function replacement examples to README, closes #77
- Refactored tests, thanks to @ oleggromov
-
0.5.4 - 2015-08-05
- Fixed text file detecting (thanks @ zensh)
- Switch from Streams2 to Streams3 (thanks @ shinnn)
- Documentation fixes (thanks @ jolyonruss)
- Test on Node 0.12 and io.js (thanks @ shinnn)
from gulp-replace GitHub release notesthis.filefor callback functions to expose the vinyl file object, closes #50. Thanks to @ thesebas @ asins and @ oleggromov for their help in defining the API.Package name: js-yaml
-
3.14.1 - 2020-12-07
-
3.14.0 - 2020-05-22
-
3.13.1 - 2019-04-05
-
3.13.0 - 2019-03-20
-
3.12.2 - 2019-02-26
-
3.12.1 - 2019-01-05
-
3.12.0 - 2018-06-01
-
3.11.0 - 2018-03-05
-
3.10.0 - 2017-09-11
from js-yaml GitHub release notes3.14.1 released
3.14.0 released
3.13.1 released
3.13.0 released
3.12.2 released
3.12.1 released
3.12.0 released
3.11.0 released
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: