[Snyk] Upgrade gulp from 4.0.0 to 4.0.2

[NOUIY]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade gulp from 4.0.0 to 4.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 5 years ago, on 2019-05-06.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: gulp

• 4.0.2 - 2019-05-06
  

  Fix

  • Bind src/dest/symlink to the gulp instance to support esm exports (5667666) - Ref standard-things/esm#797

  Docs

  • Add notes about esm support (4091bd3) - Closes #2278
  • Fix the Negative Globs section & examples (3c66d95) - Closes #2297
  • Remove next tag from recipes (1693a11) - Closes #2277
  • Add default task wrappers to Watching Files examples to make runnable (d916276) - Closes #2322
  • Fix syntax error in lastRun API docs (ea52a92) - Closes #2315
  • Fix typo in Explaining Globs (5d81f42) - Closes #2326

  Build

  • Add node 12 to Travis & Azure (b4b5a68)
• 4.0.1 - 2019-04-21
  

  Fix

  • Temporary workaround for facebook/docusaurus#257 (9f4a2e9) - Closes facebook/Docusaurus#257

  Docs

  • Fix error in ES2015 usage example (a4e8d48) - Closes #2099 #2100
  • Add temporary notice for 4.0.0 vs 3.9.1 documentation (126423a) - Closes #2121
  • Improve recipe for empty glob array (45830cf) - Closes #2122
  • Reword standard to default (b065a13)
  • Fix recipe typo (86acdea) - Closes #2156
  • Add front-matter to each file (d693e49) - Closes #2109
  • Rename "Getting Started" to "Quick Start" & update it (6a0fa00)
  • Add "Creating Tasks" documentation (21b6962)
  • Add "JavaScript and Gulpfiles" documentation (31adf07)
  • Add "Working with Files" documentation (50fafc6)
  • Add "Async Completion" documentation (ad8b568)
  • Add "Explaining Globs" documentation (f8cafa0)
  • Add "Using Plugins" documentation (233c3f9)
  • Add "Watching Files" documentation (f3f2d9f)
  • Add Table of Contents to "Getting Started" directory (a43caf2)
  • Improve & fix parts of Getting Started (84b0234)
  • Create and link-to a "docs missing" page for LINK_NEEDED references (2bd75d0)
  • Redirect users to new Getting Started guides (53e9727)
  • Temporarily reference gulp@next in Quick Start (2cecf1e)
  • Fixed a capitalization typo in a heading (3d051d8) - Closes #2242
  • Use h2 headers within Quick Start documentation (921312c) - Closes #2241
  • Fix for nested directories references (4c2b9a7)
  • Add some more cleanup for Docusaurus (6a8fd8f)
  • Temporarily point LINK_NEEDED references to documentation-missing.md (df7cdcb)
  • API documentation improvements based on feedback (0a68710)
  • Update API Table of Contents (d6dd438)
  • Add API Concepts documentation (8dd3361)
  • Add Vinyl.isCustomProp() documentation (40ee801)
  • Add Vinyl.isVinyl() documentation (25a22bf)
  • Add Vinyl documentation (fc09067)
  • Update watch() documentation (69c22f0)
  • Update tree() documentation (ebb9818)
  • Update task() documentation (b636a9c)
  • Update symlink() documentation (d580efa)
  • Update src() documentation (d95b457)
  • Update series() documentation (4169cb6)
  • Update registry() documentation (d680487)
  • Update parallel() documentation (dc3cba7)
  • Update lastRun() documentation (363df21)
  • Update dest() documentation (e447d81)
  • Split API docs into separate markdown files (a3b8ce1)
  • Fix hash link (af4bd51)
  • Replace some links in Getting Started (c433c70)
  • Remove temporary workaround for facebook/docusaurus#257 (5c07954) - Closes facebook/Docusaurus#257
  • Added code ticks to "null" where missing (cb67319) - Closes #2243
  • Fix broken link in lastRun (d35653e)
  • Add front-matter to documentation-missing page (a553cfd)
  • Improve grammar on Concepts (01cfcc5) - Closes #2247
  • Remove spaces around
    (c960c1d)
  • Improve grammar in src (eb493a2) - Closes #2248
  • Fix formatting error (ca6ba35) - Closes #2250
  • Fix formatting of lastRun (8569f85) - Closes #2251
  • Add missing link in watch (e35bdac) - Closes #2252
  • Fix broken link in tasks (6d43750) - Closes #2253
  • Improve punctuation in tree (8e9fd70) - Closes #2254
  • Fix mistake in "Splitting a gulpfile" (96c353d) - Closes #2255
  • Remove front-matter from outdated pages (c5af6f1)
  • Fix broken link in Table of Contents (c641369) - Closes #2260
  • Update the babel dependencies to install & configuration needed (7239cf1) - Closes #2136
  • Add "What's new in 4.0" section (75ea634) - Closes #2089 #2267
  • Cleanup README for "latest" bump (24e202b) - Closes #2268
  • Revert "next" reference now that 4.0 is latest (ed27cbe)
  • Add Azure Pipelines badge (f3f0548) - Closes #2310
  • Add note about transpilation to "Splitting a Gulpfile" section (53b9037) - Closes #2311 #2312
  • Improve wording of file rename (88437f2) - Closes #2314

  Upgrade

  • Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep (d3734d3)

  Build

  • Add node 10 to CI matrices (a5eac1c)
  • Remove jscs & update eslint for code formatting rules (ad8a2f7)
  • Fix Azure comment (34a6d53) - Closes #2307
  • Add Azure Pipelines CI (b2c6c7e) - Closes #2299

  Scaffold

  • Mark *.png and *.jpg as binary files to git (a010db6)
  • Update some links and license year (1027236)
  • Add tidelift configuration (49b5aca)
  • Add new expense policy (9819957)
  • Add support-bot template (9078c49)
• 4.0.0 - 2018-01-01
  

  Update

  • Remove graceful-fs from test suite (f27be05)

  Docs

  • Remove references to gulp-util (fbc162f)
  • Fix the installation instructions (173a532)
  • Improve note about out-of-date docs (ec54d09)
  • Update recipes to install gulp@next (03b7c98)
  • Remove run-sequence from recipes (2eba29e)
  • Add installation instructions & update badges (76eb4d6)

  Upgrade

  • Update glob-watcher (361ab63)

  Build

  • Avoid broken node 9 (064d100)

  Scaffold

  • Normalize repository (3011cf9)

from gulp GitHub release notes

Commit messages

Package name: gulp

• 069350a Release: 4.0.2
• b4b5a68 Build: Add node 12 to Travis & Azure
• 5667666 Fix: Bind src/dest/symlink to the gulp instance to support esm exports (ref [Question] Why does import require functions on the prototype to be bound to the instance? standard-things/esm#797)
• 4091bd3 Docs: Add notes about esm support (closes #2278)
• 3c66d95 Docs: Fix the Negative Globs section & examples (closes #2297)
• 1693a11 Docs: Remove next tag from recipes (closes #2277)
• d916276 Docs: Add default task wrappers to Watching Files examples to make runnable (ref #2322)
• ea52a92 Docs: Fix syntax error in lastRun API docs (closes #2315)
• 5d81f42 Docs: Fix typo in Explaining Globs (#2326)
• ea3bba4 Release: 4.0.1
• d3734d3 Upgrade: Update glob-watcher, gulp-cli, and undertaker dependencies & rimraf devDep
• 88437f2 Docs: Improve wording of file rename (#2314)
• 53b9037 Docs: Add note about transpilation to "Splitting a Gulpfile" section (closes #2311) (#2312)
• f3f0548 Docs: Add Azure Pipelines badge (#2310)
• 34a6d53 Build: Fix Azure comment (#2307)
• b2c6c7e Build: Add Azure Pipelines CI (#2299)
• ed27cbe Docs: Revert "next" reference now that 4.0 is latest
• 24e202b Docs: Cleanup README for "latest" bump (#2268)
• 75ea634 Docs: Add "What's new in 4.0" section (closes #2089) (#2267)
• 9078c49 Scaffold: Add support-bot template
• 7239cf1 Docs: Update the babel dependencies to install & configuration needed (closes #2136)
• c641369 Docs: Fix broken link in Table of Contents (#2260)
• 9819957 Scaffold: Add new expense policy
• c5af6f1 Docs: Remove front-matter from outdated pages

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs