npm audit report

[AmenRa]

How can i fix these issues?
Can you update dependancies?

Thank you!

[gabinho5]

It seems that the master branch gulp dependency has already been updated to gulp: "^4.0.0" which should resolve the issue, but the update needs to be released! @JacksonGariety Could you publish the newest version?

[JemiloII]

Waiting for this as well :)

[kkoyot]

+1, it's just a matter of creating a new tag and publishing to npm. Can we count on you, @JacksonGariety ?

[JemiloII]

So I did a little more poking around. gulp 4 isn't quite ready as it has some breaking changes from the 3.9.1 release. Probably better to wait until gulp is 4.0.0, plus, minimatch isn't an issue unless your having user supplied data in your gulp build process. If you do, I'd recommend you'd fix that~

[joebowbeer]

Depends on #149

[joebowbeer]

@JemiloII gulp 4 has been released via the @next tag.

[hadifarnoud]

updates? shall I remove gulp-nodemon until release?

[markstos]

@gabinho5 @kkoyot @hadifarnoud -- @JacksonGariety has been inactive for months. The project likely needs to be forked to get new maintainership at this point. See #147 for related discussion.

[JemiloII]

@joebowbeer just because it has a @next doesn't mean its ready. If it was, it wouldn't be next but the stable release.

[markstos]

@JemiloII "readiness" is not the only reason to use the @next tag. Gulp has a huge ecosystem around that needs updates as well. So if Gulp made "Gulp 4" the stable version, this could break projects that depend on Gulp plugins that need to be updated but haven't. By allowing both versions to be available for download, the Gulp project has created a transition window where both Gulp 3 and Gulp 4 plugins can work with a "current" version of Gulp.. This will make the future "stable" release of Gulp 4 go more smoothly. Notably, the tag is not called "alpha", "beta", "dev" or some other label indicating it's not stable.

[joebowbeer]

Fixed by v2.4.1 release

[ColemanGariety]

Audited.