
[Snyk] Upgrade gulp from 4.0.0 to 4.0.2 #824

Status: Open. Wants to merge 1 commit into base: master.
Conversation

@NOUIY (Owner) commented Jul 21, 2024

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released 5 years ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high | Prototype Pollution | SNYK-JS-COPYPROPS-1082870 | 372 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-INI-1048974 | 372 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-MIXINDEEP-450212 | 372 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-SETVALUE-1540541 | 372 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-SETVALUE-450213 | 372 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-SETVALUE-1540541 | 372 | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-SETVALUE-450213 | 372 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 372 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ES5EXT-6095076 | 372 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 372 | Proof of Concept |
| medium | Time of Check Time of Use (TOCTOU) | npm:chownr:20180731 | 372 | No Known Exploit |
| low | Validation Bypass | SNYK-JS-KINDOF-537849 | 372 | Proof of Concept |
Release notes
Package name: gulp
  • 4.0.2 - 2019-05-06

    Fix

    Docs

    • Add notes about esm support (4091bd3) - Closes #2278
    • Fix the Negative Globs section & examples (3c66d95) - Closes #2297
    • Remove next tag from recipes (1693a11) - Closes #2277
    • Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
    • Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
    • Fix typo in Explaining Globs (5d81f42) - Closes #2326

    Build

    • Add node 12 to Travis & Azure (b4b5a68)
  • 4.0.1 - 2019-04-21

    Fix

    Docs

    • Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
    • Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
    • Improve recipe for empty glob array (45830cf) - Closes #2122
    • Reword standard to default (b065a13)
    • Fix recipe typo (86acdea) - Closes #2156
    • Add front-matter to each file (d693e49) - Closes #2109
    • Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
    • Add "Creating Tasks" documentation (21b6962)
    • Add "JavaScript and Gulpfiles" documentation (31adf07)
    • Add "Working with Files" documentation (50fafc6)
    • Add "Async Completion" documentation (ad8b568)
    • Add "Explaining Globs" documentation (f8cafa0)
    • Add "Using Plugins" documentation (233c3f9)
    • Add "Watching Files" documentation (f3f2d9f)
    • Add Table of Contents to "Getting Started" directory (a43caf2)
    • Improve & fix parts of Getting Started (84b0234)
    • Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
    • Redirect users to new Getting Started guides (53e9727)
    • Temporarily reference gulp@next in Quick Start (2cecf1e)
    • Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
    • Use h2 headers within Quick Start documentation (921312c) - Closes #2241
    • Fix for nested directories references (4c2b9a7)
    • Add some more cleanup for Docusaurus (6a8fd8f)
    • Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
    • API documentation improvements based on feedback (0a68710)
    • Update API Table of Contents (d6dd438)
    • Add API Concepts documentation (8dd3361)
    • Add Vinyl.isCustomProp() documentation (40ee801)
    • Add Vinyl.isVinyl() documentation (25a22bf)
    • Add Vinyl documentation (fc09067)
    • Update watch() documentation (69c22f0)
    • Update tree() documentation (ebb9818)
    • Update task() documentation (b636a9c)
    • Update symlink() documentation (d580efa)
    • Update src() documentation (d95b457)
    • Update series() documentation (4169cb6)
    • Update registry() documentation (d680487)
    • Update parallel() documentation (dc3cba7)
    • Update lastRun() documentation (363df21)
    • Update dest() documentation (e447d81)
    • Split API docs into separate markdown files (a3b8ce1)
    • Fix hash link (af4bd51)
    • Replace some links in Getting Started (c433c70)
    • Remove temporary workaround for facebook/docusaurus#257 (5c07954) - Closes facebook/Docusaurus#257
    • Added code ticks to "null" where missing (cb67319) - Closes #2243
    • Fix broken link in lastRun (d35653e)
    • Add front-matter to documentation-missing page (a553cfd)
    • Improve grammar on Concepts (01cfcc5) - Closes #2247
    • Remove spaces around (c960c1d)
    • Improve grammar in src (eb493a2) - Closes #2248
    • Fix formatting error (ca6ba35) - Closes #2250
    • Fix formatting of lastRun (8569f85) - Closes #2251
    • Add missing link in watch (e35bdac) - Closes #2252
    • Fix broken link in tasks (6d43750) - Closes #2253
    • Improve punctuation in tree (8e9fd70) - Closes #2254
    • Fix mistake in "Splitting a gulpfile" (96c353d) - Closes #2255
    • Remove front-matter from outdated pages (c5af6f1)
    • Fix broken link in Table of Contents (c641369) - Closes #2260
    • Update the babel dependencies to install & configuration needed (7239cf1) - Closes #2136
    • Add "What's new in 4.0" section (75ea634) - Closes #2089 #2267
    • Cleanup README for "latest" bump (24e202b) - Closes #2268
    • Revert "next" reference now that 4.0 is latest (ed27cbe)
    • Add Azure Pipelines badge (f3f0548) - Closes #2310
    • Add note about transpilation to "Splitting a Gulpfile" section (53b9037) - Closes #2311 #2312
    • Improve wording of file rename (88437f2) - Closes #2314

    Upgrade

    • Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep (d3734d3)

    Build

    • Add node 10 to CI matrices (a5eac1c)
    • Remove jscs & update eslint for code formatting rules (ad8a2f7)
    • Fix Azure comment (34a6d53) - Closes #2307
    • Add Azure Pipelines CI (b2c6c7e) - Closes #2299

    Scaffold

    • Mark *.png and *.jpg as binary files to git (a010db6)
    • Update some links and license year (1027236)
    • Add tidelift configuration (49b5aca)
    • Add new expense policy (9819957)
    • Add support-bot template (9078c49)
  • 4.0.0 - 2018-01-01

    Update

    • Remove graceful-fs from test suite (f27be05)

    Docs

    • Remove references to gulp-util (fbc162f)
    • Fix the installation instructions (173a532)
    • Improve note about out-of-date docs (ec54d09)
    • Update recipes to install gulp@next (03b7c98)
    • Remove run-sequence from recipes (2eba29e)
    • Add installation instructions & update badges (76eb4d6)

    Upgrade

    Build

    Scaffold

from gulp GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Verified: this commit was signed with the committer’s verified signature (snyk-bot, Snyk bot).
Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

See this package in npm:
gulp

See this project in Snyk:
https://app.snyk.io/org/nexuscompute/project/61b026bd-7498-48dc-a9b7-72a021d779c3?utm_source=github&utm_medium=referral&page=upgrade-pr

guardrails bot commented Jul 21, 2024

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

| Severity | Details |
| --- | --- |
| Critical | pkg:npm/gulp@4.0.2 upgrade to: > 4.0.2 |

More info on how to fix Vulnerable Libraries in JavaScript.
