Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

chore(Deps): bumped Gulp to 5.0.0 and Nodemon to 3.1.4 #1209

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

raiseandfall
Copy link

@raiseandfall raiseandfall commented Sep 4, 2024

Hi there,

I've noticed 17 vulnerabilities in sub-deps. The two concerned dependencies are Nodemon and Gulp.
This PR bumps them to the following:

  • Gulp to 5.0.0
  • Nodemon to 3.1.4

I've tested post update and saw no issues.

This clears any vulnerabilities.
Could we bump a fix version for this to allow consumers apps to take advantage of it?
Thanks!

@3cp
Copy link
Member

3cp commented Sep 4, 2024

When we tried gulp v5 with au2, we found out v5 has lots of issue with existing plugins. We cannot upgrade it yet.

@3cp
Copy link
Member

3cp commented Sep 4, 2024

Did you try it with gulp-typescript? It didn't work last time we tried.

@raiseandfall
Copy link
Author

I didn't have a chance to test with gulp-typescript. Makes sense to wait for gulp plugins to be stable with v5. Hopefully we won't have to wait much longer.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants