replace gulp-util

Question

replace gulp-util

matujuri opened this issue 5 years ago · 4 comments

matujuri commented 5 years ago

replace gulp-util

Answer 1 · 2019-12-09T00:02:24.000Z

@matujuri can you add more detail? what's up here

Answer 2 · 2019-12-30T06:45:39.000Z

@the-simian presumably https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5?

Answer 3 · 2019-12-30T21:27:09.000Z

thanks, these are the two things I need to replace then. I've been really sick so I'll handle this after the new year.

gutil.File => https://www.npmjs.com/package/vinyl
gutil.PluginError => https://www.npmjs.com/package/plugin-error

Answer 4 · 2021-09-13T21:08:32.000Z

Is there any update on replace gulp-util?
I'm not sure where to post this I fount some vulnerable liberty in the gulp-util could you update them please or do I need to create separate issue for it?

lodash.template-3.6.2:
gulp-concat-filenames@1.2.0 -> gulp-util@3.0.8 -> lodash.template@3.6.2

Description:
“Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.”

Possible fix:
“Upgrade to version lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0”