cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon aurelia

chore(Deps): bumped Gulp to 5.0.0 and Nodemon to 3.1.4

Open raiseandfall opened this issue 1 year ago • 3 comments

Hi there,

I've noticed 17 vulnerabilities in sub-deps. The two concerned dependencies are Nodemon and Gulp. This PR bumps them to the following:

  • Gulp to 5.0.0
  • Nodemon to 3.1.4

I've tested post update and saw no issues.

This clears any vulnerabilities. Could we bump a fix version for this to allow consumers apps to take advantage of it? Thanks!

raiseandfall avatar Sep 04 '24 15:09 raiseandfall

When we tried gulp v5 with au2, we found out v5 has lots of issue with existing plugins. We cannot upgrade it yet.

3cp avatar Sep 04 '24 23:09 3cp

Did you try it with gulp-typescript? It didn't work last time we tried.

3cp avatar Sep 04 '24 23:09 3cp

I didn't have a chance to test with gulp-typescript. Makes sense to wait for gulp plugins to be stable with v5. Hopefully we won't have to wait much longer.

raiseandfall avatar Sep 05 '24 11:09 raiseandfall

Did you try it with gulp-typescript? It didn't work last time we tried.

@3cp Coming back here (almost a year later 😄) I was able to test with gulp-typescript and it's running smoothly. I'm aware stability with gulp 5 and plugins is still not great, so not expecting any movement forward if it's still too early.

raiseandfall avatar Aug 07 '25 21:08 raiseandfall