Update set-value

[BernhardMaier]

"dependencies": {
  "set-value": ">=4.0.1"
}

[BernhardMaier]

Security issue is caused by gulp 4.0.2 and can't be fixed until gulp is updated. See https://www.npmjs.com/package/gulp for more infos.

[BernhardMaier]

gulp@4.0.2 is using cache-based and union-value and they are using set-value:

gulp@4.0.2 requires set-value@^2.0.0 via a transitive dependency on cache-base@1.0.1
gulp@4.0.2 requires set-value@^2.0.1 via a transitive dependency on union-value@1.0.1

Both projects already have issues and pull request addressing and fixing the security vulnerability:

• union-value
  • https://github.com/jonschlinkert/union-value/issues/11
  • https://github.com/jonschlinkert/union-value/pull/12
• cache-based
  • https://github.com/jonschlinkert/cache-base/issues/22
  • https://github.com/jonschlinkert/cache-base/pull/25

Currently no issue in https://github.com/gulpjs/gulp/issues related to this vulnerability.

[BernhardMaier]

Small updates:

• cache-base is fixed with PR https://github.com/jonschlinkert/cache-base/pull/23
• union-value is still not fixed. PR is open, but no reply from author: https://github.com/jonschlinkert/union-value/pull/12