aurelia / cli

The Aurelia 1 command line tool. Use the CLI to create projects, scaffold components, and bundle your app for release.
MIT License
407 stars 133 forks

chore(Deps): bumped Gulp to 5.0.0 and Nodemon to 3.1.4 #1209

Open raiseandfall opened 3 weeks ago

raiseandfall commented 3 weeks ago

Hi there,

I've noticed 17 vulnerabilities in sub-deps. The two concerned dependencies are Nodemon and Gulp. This PR bumps them to the following:

I've tested post update and saw no issues.

This clears any vulnerabilities. Could we bump a fix version for this to allow consumer apps to take advantage of it? Thanks!

3cp commented 3 weeks ago

When we tried gulp v5 with au2, we found out v5 has lots of issues with existing plugins. We cannot upgrade it yet.

3cp commented 3 weeks ago

Did you try it with gulp-typescript? It didn't work last time we tried.

raiseandfall commented 3 weeks ago

I didn't have a chance to test with gulp-typescript. Makes sense to wait for gulp plugins to be stable with v5. Hopefully we won't have to wait much longer.