planetoftheweb / angulardata

This is the repository for my course, AngularJS 1: Building a Data-Driven App on LinkedIn Learning and Lynda.com.
https://www.linkedin.com/learning/angularjs-1-building-a-data-driven-app-2?trk=insiders_6787408_learning

Vulnerabilities #13

Open ghost opened 3 years ago

ghost commented 3 years ago

Issue Overview

When running 'npm install', 15 vulnerabilities (1 low, 12 high, 2 critical) show up.

Is this simply a case of updating some of the

To be entirely honest I don't know if this is an issue or I am missing something.

Describe your environment

npm --version 7.0.10

node --version v12.18.3

Steps to reproduce

Change directory to desktop:

Git clone https://github.com/planetoftheweb/angulardata.git

Change directory to 'angulardata'.

Run npm install

Expected behaviour

NPM installs modules without critical vulnerabilities

Current behaviour

npm WARN using --force Recommended protections disabled.
npm WARN audit Updating gulp-webserver to 0.5.0,which is a SemVer major change.
npm WARN audit Updating gulp to 4.0.2,which is a SemVer major change.
npm WARN deprecated chokidar@2.1.8: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated fsevents@1.2.13: fsevents 1 will break on node v14+ and could be using insecure binaries. Upgrade to fsevents 2.

A summary of the critical issues.

Run npm audit for details.
angulardata % npm audit

npm audit report

Severity: critical
Command Injection - https://npmjs.com/advisories/663
fix available via npm audit fix --force
Will install gulp-webserver@0.5.0, which is a breaking change

debug <=2.6.8 || 3.0.0 - 3.0.1
Regular Expression Denial of Service - https://npmjs.com/advisories/534
fix available via npm audit fix --force
Will install gulp-webserver@0.5.0, which is a breaking change
node_modules/tiny-lr/node_modules/debug

ghost commented 3 years ago

Deprecated

Please note gulp-util is deprecated

This is the URL for the npm package: https://www.npmjs.com/package/gulp-util

gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5

Request

It would be good practice to get this updated. I would like to help; however, this is outside of my scope.
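
The audit output in the first comment ties its findings to a fix that is a SemVer-major bump of a direct dependency (gulp-webserver@0.5.0). As an added example, not code from this repository or the course, the script below sorts a report in the `npm audit --json` format of npm 7 into findings fixable without a breaking change, findings that need a major bump, and findings with no fix. The sample report, its severities and the `example-*` package names are constructed.

```javascript
// Constructed sample in the npm 7 `npm audit --json` shape (auditReportVersion 2).
// Only gulp-webserver@0.5.0 and the debug path come from the issue text.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    debug: {
      name: "debug", severity: "low",
      nodes: ["node_modules/tiny-lr/node_modules/debug"],
      fixAvailable: { name: "gulp-webserver", version: "0.5.0", isSemVerMajor: true },
    },
    "example-transitive": { // hypothetical: fixable by a plain `npm audit fix`
      name: "example-transitive", severity: "high",
      nodes: ["node_modules/example-transitive"],
      fixAvailable: true,
    },
    "example-unfixed": { // hypothetical: no patched release exists
      name: "example-unfixed", severity: "critical",
      nodes: ["node_modules/example-unfixed"],
      fixAvailable: false,
    },
  },
};

const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];
const bySeverity = (a, b) =>
  SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity);

// Group findings by the kind of change needed to remove them.
function triage(report) {
  const plan = { nonBreaking: [], breaking: {}, noFix: [] };
  for (const vuln of Object.values(report.vulnerabilities || {})) {
    const entry = { name: vuln.name, severity: vuln.severity, nodes: vuln.nodes || [] };
    const fix = vuln.fixAvailable;
    if (!fix) {
      plan.noFix.push(entry); // false or missing: nothing to upgrade to
    } else if (fix === true || !fix.isSemVerMajor) {
      plan.nonBreaking.push(entry); // safe to take via `npm audit fix`
    } else {
      // Major bump of a direct dependency: key by the upgrade that must be tested.
      const key = `${fix.name}@${fix.version}`;
      plan.breaking[key] = plan.breaking[key] || [];
      plan.breaking[key].push(entry);
    }
  }
  plan.nonBreaking.sort(bySeverity);
  plan.noFix.sort(bySeverity);
  Object.values(plan.breaking).forEach((list) => list.sort(bySeverity));
  return plan;
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

On a real checkout, pass the parsed output of `npm audit --json` to `triage` instead of the sample; each key under `breaking` is an upgrade to test on a branch before merging.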