There are currently multiple security vulnerabilities reported for npm packages:
found 12 vulnerabilities (3 low, 1 moderate, 7 high, 1 critical) in 10514 scanned packages
9 vulnerabilities require semver-major dependency updates.
3 vulnerabilities require manual review. See the full report for details.
To resolve the alerts, this PR:
Updates from Gulp 3.91 to Gulp 4.0.2 (latest)
Updates project Gulp tasks to use Gulp 4 (with some minor tidy up)
Replaces deprecated gulp-cssnano with cssnano via gulp-postcss
Updates gulp-mocha three major versions up (4.3.1 -> 7.0.2)
Recommend reviewing the commits individually.
How has this been tested?
npm test passes and fails automated tests appropriately
npm start removes the /public folder, outputs both a minified and non-minified version of CSS into /public/stylesheets, copies JavaScript to /public/javascripts, copies images to /public/images and starts the nodemon server
There are currently multiple security vulnerabilities reported for npm packages:
To resolve the alerts, this PR:
gulp-cssnanowithcssnanoviagulp-postcssgulp-mochathree major versions up (4.3.1 -> 7.0.2)Recommend reviewing the commits individually.
How has this been tested?
npm testpasses and fails automated tests appropriatelynpm startremoves the/publicfolder, outputs both a minified and non-minified version of CSS into/public/stylesheets, copies JavaScript to/public/javascripts, copies images to/public/imagesand starts the nodemon server/public/stylesheets/govuk-elements-styles.min.cssfile correctlygulp packagegenerates/package/with changes for publishinggulp defaultoutputs the available main tasks correctlyWhat type of change is it?
Has the documentation been updated?
Fixes https://github.com/alphagov/design-system-team-internal/issues/285