gulp 3.9.1 depended on lodash 1.0.1.
Any version of lodash prior to 4.17.5 was impacted by CVE-2018-3721 (Modification of Assumed-Immutable Data).
Fixing it required to upgrade gulp to version 4.0.
File format changed with one significant impact: it does not support forward references to a task (see
https://github.com/gulpjs/gulp/issues/802). gulpfile.hs has been updated accordingly.
gulp 3.9.1 depended on lodash 1.0.1. Any version of lodash prior to 4.17.5 was impacted by CVE-2018-3721 (Modification of Assumed-Immutable Data).
Fixing it required to upgrade gulp to version 4.0. File format changed with one significant impact: it does not support forward references to a task (see https://github.com/gulpjs/gulp/issues/802). gulpfile.hs has been updated accordingly.