Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency gulp to v4 #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency gulp to v4 #10

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Mar 14, 2022
edited
Loading

This PR contains the following updates:

Package Type Update Change
gulp (source) devDependencies major ^3.9.1 -> ^4.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 9.8 CVE-2018-16492
High High 9.8 CVE-2021-44906
High High 9.1 CVE-2019-10744
High High 9.1 CVE-2019-10744
High High 7.5 CVE-2016-10540
High High 7.5 CVE-2016-10540
High High 7.5 CVE-2019-20149
High High 7.4 CVE-2020-8203
High High 7.2 CVE-2021-23337
Medium Medium 6.5 CVE-2018-3721
Medium Medium 6.5 CVE-2019-1010266
Medium Medium 5.6 CVE-2018-16487
Medium Medium 5.6 CVE-2020-7598
Medium Medium 5.3 CVE-2020-28500

Release Notes

gulpjs/gulp

v4.0.0

Compare Source

Task system changes
  • replaced 3.x task system (orchestrator) with new task system (bach)
    • removed gulp.reset
    • removed 3 argument syntax for gulp.task
    • gulp.task should only be used when you will call the task with the CLI
    • added gulp.series and gulp.parallel methods for composing tasks. Everything must use these now.
    • added single argument syntax for gulp.task which allows a named function to be used as the name of the task and task function.
    • added gulp.tree method for retrieving the task tree. Pass { deep: true } for an archy compatible node list.
    • added gulp.registry for setting custom registries.
CLI changes
  • split CLI out into a module if you want to save bandwidth/disk space. you can install the gulp CLI using either npm install gulp -g or npm install gulp-cli -g, where gulp-cli is the smaller one (no module code included)
  • add --tasks-json flag to CLI to dump the whole tree out for other tools to consume
  • added --verify flag to check the dependencies in package.json against the plugin blacklist.
vinyl/vinyl-fs changes
  • added gulp.symlink which functions exactly like gulp.dest, but symlinks instead.
  • added dirMode param to gulp.dest and gulp.symlink which allows better control over the mode of the destination folder that is created.
  • globs passed to gulp.src will be evaluated in order, which means this is possible gulp.src(['*.js', '!b*.js', 'bad.js']) (exclude every JS file that starts with a b except bad.js)
  • performance for gulp.src has improved massively
    • gulp.src(['**/*', '!b.js']) will no longer eat CPU since negations happen during walking now
  • added since option to gulp.src which lets you only match files that have been modified since a certain date (for incremental builds)
  • fixed gulp.src not following symlinks
  • added overwrite option to gulp.dest which allows you to enable or disable overwriting of existing files
  • If you want to rebase/retry this PR, click this checkbox.

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Mar 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants