New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade gulp from 4.0.0 to 4.0.2 #11
base: master
Are you sure you want to change the base?
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MOCHA-561476 - https://snyk.io/vuln/npm:growl:20160721 - https://snyk.io/vuln/npm:ms:20151024
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/npm:uglify-js:20150824 - https://snyk.io/vuln/npm:uglify-js:20151024
…9cd12a0fbf [Snyk] Security upgrade mocha from 1.5.0 to 6.0.0
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FLAT-596927 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
…331215c611 [Snyk] Security upgrade mocha from 6.0.0 to 8.2.0
…a5724535a1 [Snyk] Security upgrade uglify-js from 2.4.13 to 2.6.0
Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2. See this package in npm: https://www.npmjs.com/package/gulp See this project in Snyk: https://app.snyk.io/org/kadirselcuk/project/da7a914c-29f0-4ae3-b221-c55343aa7b0e?utm_source=github&utm_medium=upgrade-pr
Hard-Coded Secrets (100)
More info on how to fix Hard-Coded Secrets in General. Insecure Use of Regular Expressions (68)
More info on how to fix Insecure Use of Regular Expressions in Javascript. Insecure File Management (11)
flight-manual.atom.io/gulpfile.js Line 86 in a001af5
flight-manual.atom.io/gulpfile.js Line 89 in a001af5
flight-manual.atom.io/gulpfile.js Line 93 in a001af5
flight-manual.atom.io/gulpfile.js Line 96 in a001af5
flight-manual.atom.io/gulpfile.js Line 100 in a001af5
flight-manual.atom.io/gulpfile.js Line 125 in a001af5
flight-manual.atom.io/gulpfile.js Line 136 in a001af5
More info on how to fix Insecure File Management in Javascript. Insecure Use of Dangerous Function (4)
flight-manual.atom.io/gulpfile.js Line 108 in a001af5
flight-manual.atom.io/Rakefile Line 98 in a001af5
More info on how to fix Insecure Use of Dangerous Function in Javascript and Ruby. Insecure Use of Crypto (6)
More info on how to fix Insecure Use of Crypto in Javascript. Vulnerable Libraries (30)
More info on how to fix Vulnerable Libraries in Javascript and Ruby. 👉 Go to the dashboard for detailed results. 📥 Happy? Share your feedback with us. |
Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-SETVALUE-450213
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-SETVALUE-450213
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-MIXINDEEP-450212
Why? Proof of Concept exploit, CVSS 7.3
npm:chownr:20180731
Why? Proof of Concept exploit, CVSS 7.3
SNYK-JS-KINDOF-537849
Why? Proof of Concept exploit, CVSS 7.3
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: gulp
Fix
Docs
Build
Fix
Docs
(c960c1d)
Upgrade
Build
Scaffold
Update
Docs
Upgrade
Build
Scaffold
Commit messages
Package name: gulp
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs