replace gulp-util
matujuri opened this issue · 4 comments
@matujuri can you add more detail? What's up here?
Thanks, these are the two things I need to replace then. I've been really sick so I'll handle this after the new year.
- gutil.File => https://www.npmjs.com/package/vinyl
- gutil.PluginError => https://www.npmjs.com/package/plugin-error
Is there any update on replacing gulp-util?
I'm not sure where to post this. I found some vulnerable libraries in gulp-util. Could you update them please, or do I need to create a separate issue for it?
lodash.template-3.6.2:
gulp-concat-filenames@1.2.0 -> gulp-util@3.0.8 -> lodash.template@3.6.2
Description:
“Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.”
Possible fix:
“Upgrade to version lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0”
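
As an added example (not part of the thread or of any project's code), this Node.js script walks an `npm ls --json` style dependency tree and reports every chain, like the one quoted above, that ends in a package below the fixed versions listed in the advisory text. The function names and the sample tree are constructed for illustration.

```javascript
// Minimum fixed versions, copied from the "Possible fix" text in the thread.
// A Map is used so package names such as "constructor" cannot hit Object.prototype.
const FIXED = new Map([
  ["lodash", "4.17.12"], ["lodash-amd", "4.17.12"], ["lodash-es", "4.17.12"],
  ["lodash.defaultsdeep", "4.6.1"], ["lodash.merge", "4.6.2"],
  ["lodash.mergewith", "4.6.2"], ["lodash.template", "4.5.0"],
]);

// True when version a is lower than version b (plain major.minor.patch only).
function isBelow(a, b) {
  const pa = a.split(".").map((n) => parseInt(n, 10) || 0);
  const pb = b.split(".").map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Depth-first walk; returns "a@1 -> b@2 -> c@3" chains ending in a flagged package.
function findFlagged(node, chain = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = chain.concat(`${name}@${dep.version}`);
    if (FIXED.has(name) && dep.version && isBelow(dep.version, FIXED.get(name))) {
      hits.push(here.join(" -> "));
    }
    hits.push(...findFlagged(dep, here)); // transitive dependencies
  }
  return hits;
}

// Constructed sample input mirroring the chain reported in the thread.
const sampleTree = {
  name: "example-project", version: "1.0.0",
  dependencies: {
    "gulp-concat-filenames": { version: "1.2.0", dependencies: {
      "gulp-util": { version: "3.0.8", dependencies: {
        "lodash.template": { version: "3.6.2" } } } } },
    "lodash": { version: "4.17.12" }, // at the fixed version, not flagged
  },
};

console.log(findFlagged(sampleTree));
```

To check a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`.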