Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

USWDS-Compile - Feature: Support gulp 5 #99

Open
2 tasks done
levinmr opened this issue May 3, 2024 · 0 comments
Open
2 tasks done

USWDS-Compile - Feature: Support gulp 5 #99

levinmr opened this issue May 3, 2024 · 0 comments
Labels
Status: Triage We're triaging this issue and grooming if necessary Type: Feature Request New functionality

Comments

@levinmr
Copy link

levinmr commented May 3, 2024

Is your feature request related to a problem? Please describe.

uswds-compile is causing npm audit warnings because it depends on old versions of gulp. Npm audit output follows:

# npm audit report

glob-parent  <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install gulp@5.0.0, which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/glob-stream/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    glob-watcher  3.0.0 - 5.0.5
    Depends on vulnerable versions of chokidar
    node_modules/glob-watcher
      gulp  4.0.0 - 4.0.2
      Depends on vulnerable versions of glob-watcher
      Depends on vulnerable versions of vinyl-fs
      node_modules/gulp
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  2.4.2 - 3.0.3
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
No fix available
node_modules/@gulp-sourcemaps/identity-map/node_modules/postcss
  @gulp-sourcemaps/identity-map  >=2.0.0
  Depends on vulnerable versions of postcss
  node_modules/@gulp-sourcemaps/identity-map
    gulp-sourcemaps  >=3.0.0
    Depends on vulnerable versions of @gulp-sourcemaps/identity-map
    node_modules/gulp-sourcemaps
      @uswds/compile  *
      Depends on vulnerable versions of gulp
      Depends on vulnerable versions of gulp-sourcemaps
      node_modules/@uswds/compile

Describe the solution you'd like

Support gulp v5

Describe alternatives you've considered

No response

Additional context

No response

Code of Conduct
@levinmr levinmr added the Type: Feature Request New functionality label May 3, 2024
@github-actions github-actions bot added the Status: Triage We're triaging this issue and grooming if necessary label May 3, 2024
@mahoneycm mahoneycm mentioned this issue May 14, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Triage We're triaging this issue and grooming if necessary Type: Feature Request New functionality
Projects
USWDS Core Project Data
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@levinmr