update dependencies

[benjtinsley]

upon installing blendid, there are several warnings related to deprecated packages:

warning blendid > babel-preset-es2015@6.24.1: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read babeljs.io/env to update! 
warning blendid > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-cssnano > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-autoprefixer > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-data > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-sass > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-sequence > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-rev-napkin > gulp-util@3.0.8: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp > vinyl-fs > graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warning blendid > gulp > vinyl-fs > glob-stream > minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning blendid > gulp-nunjucks-render > through2 > xtend > object-keys@0.4.0: 
warning blendid > gulp > vinyl-fs > glob-watcher > gaze > globule > minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning blendid > gulp > vinyl-fs > glob-watcher > gaze > globule > glob > graceful-fs@1.2.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js

these are distilled to:

• [x] update babel-preset-es2015 to babel-preset-env
• [x] update gulp-util (https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5)
• [ ] check if update to gulp exists to rectify many errors
• [ ] check if update to gulp-cssnano exists to rectify gulp-util error
• [x] check if update to gulp-autoprefixer exists to rectify gulp-util error
• [x] check if update to gulp-data exists to rectify gulp-util error
• [ ] check if update to gulp-sass exists to rectify gulp-util error
• [x] check if update to gulp-sequence exists to rectify gulp-util error
• [x] check if update to gulp-rev-napkin exists to rectify gulp-util error
• [x] update gulp-nunjucks-render to rectify through2 error

[benjtinsley]

related to #516 & #508

[benjtinsley]

gulp-sass is in the process of being updated: https://github.com/dlmanning/gulp-sass/issues/646 gulp-cssnano is in the process of being updated: https://github.com/ben-eb/gulp-cssnano/issues/92 gulp is in the process of being updated: https://github.com/gulpjs/gulp/issues/1486

will update once those remaining few are resolved

[TheDancingCode]

gulp-sass v4.0.0 was released, which fixes the gulp-util warning. The warnings on the gulp install can be fixed by moving to v4.0.0 as well, I believe.

Additionally, gulp-rev-replace is no longer maintained, but maintenance continues in gulp-rev-rewrite.

[olets]

As of now, the main thing is Gulp 4 (#578)

Snyk recommends the following:

• upgrade open from 0.0.5 to 6.0.0
• upgrade gulp-nunjucks-render from 2.2.2 to 2.2.3
• upgrade webpack from 3.12.0 to 4.0.0

Snyk also turns up these warnings:

• gulp-cssnano has security problems would be addressed by switching to (non-gulp) cssnano
• gulp-sass 4.0.2's node-sass 4.11.0's node-gyp 3.8.0's tar 2.2.1 is out of date
• gulp-svgstore 7.0.1's cheerio 0.22.0's lodash.merge 4.6.1 is bad

[angrybrad]

Went to make a ticket for this and saw this existing one.

olets comment hits all of the major security-related issues in the dependency chain.