Skip to content
This repository was archived by the owner on Sep 1, 2022. It is now read-only.

Security vulnerability #168

Closed
skhilliard opened this issue Oct 11, 2021 · 1 comment
Closed

Security vulnerability #168

skhilliard opened this issue Oct 11, 2021 · 1 comment

Comments

@skhilliard
Copy link

gulp-run has a dependency on gulp-util which references a version of lodash.template that has a critical vulnerability. Would it be possible to update gulp-run to eliminate this? I understand that this library is deprecated, but would it be possible to release an emergency patch under these circumstances?

gulp-run > gulp-util > lodash.template
GHSA-jf85-cpcp-j695

`-- [email protected]
  +-- [email protected]
  | `-- [email protected]
  `-- [email protected]
@demurgos
Copy link
Member

demurgos commented Oct 11, 2021
edited
Loading

I replied to m19c/gulp-run#60.

gulp-util has been deprecated for years and shouldn't even be a dependency.
gulp-util will not be updated, use the migration instructions from the README to move to a supported dependency.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@demurgos @skhilliard