GDGVIT / Devfest-2.0

Devfest website, archived.

[Snyk] Upgrade gulp-connect from 5.0.0 to 5.7.0 #39

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to upgrade gulp-connect from 5.0.0 to 5.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
| | Prototype Override Protection Bypass<br>npm:qs:20170213 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Override Protection Bypass<br>npm:qs:20170213 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Prototype Override Protection Bypass<br>npm:qs:20170213 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>npm:negotiator:20160616 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>npm:fresh:20170908 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Uninitialized Memory Exposure<br>npm:base64-url:20180512 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | Mature |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-WEBSOCKETEXTENSIONS-570623 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Arbitrary Code Injection<br>SNYK-JS-MORGAN-72579 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>npm:ms:20170412 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>npm:ms:20170412 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>npm:mime:20170907 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>npm:debug:20170905 | 589/1000<br>Why? Has a fix available, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: gulp-connect from gulp-connect GitHub release notes
Commit messages
Package name: gulp-connect
  • e3210c5 Update package.json
  • 8a2bcbb Merge pull request #261 from dbemiller/master
  • 0718031 Replaced event-stream with map-stream.
  • 6274d62 Add support for pfx keys when using https as an object (#218)
  • aa10ee3 5.6.1
  • a80e3e5 Merge pull request #257 from rejas/update_dependencies
  • c6034b8 Cleanup test file
  • edcfba8 Update ansi-colors package
  • 429068d Only test supported node versions
  • 2055d29 Undo typescript update to avoid breaking tests
  • 4e3c831 Update all dependencies
  • 7192d9e bump 5.5.0
  • 13db10c Merge pull request #250 from nickpape-msft/nickpape/lazy-load-http2
  • 0c7270c Only load http2 if preferHttp1 is false
  • d103fd6 5.4.0
  • 8fa06cf add package-lock.json
  • 7265554 Merge pull request #247 from nickpape-msft/master
  • df25440 bump 5.3.0
  • 8869a6d Add a config option for preferring HTTP2
  • 0cf6a67 Merge pull request #245 from zbennett10/master
  • 6dfe3ca Update README.md
  • 3020dc3 Add files via upload
  • f9eca17 Upgrade connect package and add needed dependencies for upgrade
  • 58abff2 5.2.0 Fixes #241

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs