Open matujuri opened 5 years ago
@the-simian presumably https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5?
thanks, these are the two things I need to replace then. I've been really sick so I'll handle this after the new year.
Is there any update on replacing gulp-util? I'm not sure where to post this. I found some vulnerable libraries in gulp-util. Could you update them, please, or do I need to create a separate issue for it?
lodash.template-3.6.2: gulp-concat-filenames@1.2.0 -> gulp-util@3.0.8 -> lodash.template@3.6.2
Description: “Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.”
Possible fix: “Upgrade to version lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge-4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0”
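Added example, not part of the original comment or of any project named in this thread: a small Node.js check that walks a dependency tree and reports every chain ending in a lodash package below the fixed versions quoted above. The tree shape (modelled on the `dependencies` object printed by `npm ls --json`), the sample data and the function names are assumptions made for illustration.

```javascript
// Minimum fixed versions, copied from the "Possible fix" line quoted above.
// A Map is used so package names like "constructor" cannot hit inherited keys.
const FIXED = new Map([
  ['lodash', '4.17.12'], ['lodash-amd', '4.17.12'], ['lodash-es', '4.17.12'],
  ['lodash.defaultsdeep', '4.6.1'], ['lodash.merge', '4.6.2'],
  ['lodash.mergewith', '4.6.2'], ['lodash.template', '4.5.0'],
]);

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Walk the tree and return one "a@1 -> b@2 -> c@3" chain for each package
// that is listed in FIXED and is below its fixed version.
function findOutdated(deps, chain = []) {
  const hits = [];
  for (const [name, info] of Object.entries(deps || {})) {
    const here = [...chain, `${name}@${info.version}`];
    if (FIXED.has(name) && lessThan(info.version, FIXED.get(name))) {
      hits.push({ path: here.join(' -> '), upgradeTo: FIXED.get(name) });
    }
    hits.push(...findOutdated(info.dependencies, here));
  }
  return hits;
}

// Constructed sample tree (hypothetical), reproducing the chain reported above.
const sampleTree = {
  'gulp-concat-filenames': {
    version: '1.2.0',
    dependencies: {
      'gulp-util': {
        version: '3.0.8',
        dependencies: { 'lodash.template': { version: '3.6.2' } },
      },
    },
  },
  'lodash': { version: '4.17.21' },
};

for (const hit of findOutdated(sampleTree)) {
  console.log(`${hit.path}  (needs >= ${hit.upgradeTo})`);
}
```

The comparison is numeric per component, so `4.5.0` correctly sorts below `4.17.12`, which a plain string comparison would get wrong.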
@matujuri can you add more detail? what's up here