From 595ab834ed4ee07a18c9c661bdcc5747d5e99f50 Mon Sep 17 00:00:00 2001 From: Tom Byers Date: Thu, 30 May 2019 18:40:19 +0100 Subject: [PATCH 1/5] Bump packages on vulnerability paths (#138) The braces package has this vulnerability: https://nodesecurity.io/advisories/786 It's fixed as of version 2.3.1. This updates all copies of the micromatch dependency in the tree to bring in a version of braces with the fix. --- package.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index a9ce978..3207da0 100644 --- a/package.json +++ b/package.json @@ -40,10 +40,10 @@ "dependencies": { "array-unique": "^0.2.1", "fancy-log": "^1.2.0", - "findup-sync": "^0.4.0", + "findup-sync": "^3.0.0", "gulplog": "^1.0.0", "has-gulplog": "^0.1.0", - "micromatch": "^2.3.8", + "micromatch": "^3.1.10", "resolve": "^1.1.7" }, "devDependencies": { From d979a9667f2bbac12e08bc540bfbb9bc5528f3e1 Mon Sep 17 00:00:00 2001 From: Jack Franklin Date: Thu, 30 May 2019 18:46:25 +0100 Subject: [PATCH 2/5] bump mocha to fix security issue --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 3207da0..0fb0d92 100644 --- a/package.json +++ b/package.json @@ -52,7 +52,7 @@ "eslint-config-standard": "5.3.1", "eslint-plugin-promise": "1.3.2", "eslint-plugin-standard": "1.3.2", - "mocha": "^2.1.0", + "mocha": "^6.1.4", "proxyquire": "^1.0.1", "sinon": "^1.9.1" } From 2e2454259c29beb3873de747ad2a0214867ee1b0 Mon Sep 17 00:00:00 2001 From: Jack Franklin Date: Thu, 30 May 2019 18:47:16 +0100 Subject: [PATCH 3/5] 1.6.0 --- README.md | 3 +++ package.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 59ee83e..f483ec2 100644 --- a/README.md +++ b/README.md @@ -188,6 +188,9 @@ Credit largely goes to @sindresorhus for his [load-grunt-plugins](https://github ## Changelog +##### 1.6.0 +- Bump some dependencies that had security vulnerabilities - thanks @tombye - [PR](https://github.com/jackfranklin/gulp-load-plugins/pull/138) + ##### 1.5.0 - added `overridePattern` - thanks @bretkikehara - [PR](https://github.com/jackfranklin/gulp-load-plugins/pull/127) diff --git a/package.json b/package.json index 0fb0d92..39fa5cb 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "gulp-load-plugins", - "version": "1.5.0", + "version": "1.6.0", "description": "Automatically load any gulp plugins in your package.json", "scripts": { "test": "npm run lint && NODE_PATH=test/global_modules mocha", From 574fcd496951caf3258c4b672dec7e78ecce93ce Mon Sep 17 00:00:00 2001 From: Jack Franklin Date: Thu, 30 May 2019 18:49:17 +0100 Subject: [PATCH 4/5] add note about maintainers wanted --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index f483ec2..942143d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ # gulp-load-plugins +# Maintainers wanted! + +I no longer use Gulp and therefore I'm not able to maintain this plugin as well as I'd like. If you would like to, please get in touch on Twitter (@Jack_Franklin). + [![npm](https://nodei.co/npm/gulp-load-plugins.svg?downloads=true)](https://nodei.co/npm/gulp-load-plugins/) > Loads gulp plugins from package dependencies and attaches them to an object of your choice. From a8f5b64dc7e22b5e353416d6e959e4f52685d03f Mon Sep 17 00:00:00 2001 From: Jack Franklin Date: Thu, 30 May 2019 18:55:24 +0100 Subject: [PATCH 5/5] run on node 8 --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9b8c4fa..e09e401 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,4 @@ sudo: false language: node_js node_js: - - "4.1" - - "0.12" + - "8"