This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

Dependency updates #573

Merged
merged 7 commits into from
Apr 19, 2019

Conversation

olets
Contributor

@olets olets commented Mar 11, 2019

Introduces breaking changes: in task-config.js's javascripts.babel.presets, es2015 must be replaced with env. e.g.

    babel: {
      presets: ['es2015', 'stage-1']
    }

would become

    babel: {
      presets: ['env', 'stage-1']
    }

What this PR does

  • Resolves warnings on the command line during installation, run, and in npm audit
    • includes all significant security warnings
    • doesn't include Gulp 3-related warnings
  • Updates Gulp task dependencies as identified by yarn upgrade --latest
  • Drops two deprecated Gulp plugins in favor of their replacements

What this PR doesn't do

  • Updates that are more involved to test manually, which should be their own PR
  • Updates that require significant codebase changes
    • the move to Gulp 4
    • the move from gulp-autoprefixer to Autoprefixer
    • the move from gulp-cssnano to cssnano

Steps to test:

1. Dummy project

# Set up a new Blendid project
mkdir <a new directory>
cd <that directory>
yarn init

# Add this PR's version of Blendid
yarn add ssh://git@github.com:vigetlabs/blendid.git#dependency-updates
yarn

# Verify that the basic functionality works
yarn run blendid init
yarn run blendid
# check live site in browser: html and js changes should trigger reload, stylesheet changes should hot update

# Verify that revving works
yarn run blendid build
# check static file in browser
yarn run blendid build
# verify that all references updated

2. Existing projects

To use this update in an existing project, run

yarn add ssh://git@github.com:vigetlabs/blendid.git#dependency-updates

and then in task-config.js change es2015 to env as explained at the top of this post.

  1. Try on an existing project that uses data
  2. Try on an existing Craft project

To revert your project to the latest version of Blendid run

yarn add blendid

To restore an older version of Blendid, run yarn add blendid@<version> or yarn add blendid@"<semver>". Or just discard the changes, delete the node_modules folder, and run yarn.

Changes

Where significant work was done that isn't clearly reflected in the diff, command history is included in the commit message.

Security-motivated updates

  • browser-sync
  • babel-core
  • gulp-nunjucks-render
  • lodash
  • debug

Warning resolution-motivated updates

  • babel-preset-env replaces babel-preset-es2015
  • gulp's watch replaces gulp-watch
  • dev:test script uses mocha 6 in place of mocha 3

General upkeep-motivated updates

  • ansi-colors
  • del
  • es6-promise
  • fancy-log
  • gulp-autoprefixer
  • gulp-changed
  • gulp-cssnano
  • gulp-data
  • gulp-htmlmin
  • gulp-notify
  • gulp-rename
  • gulp-replace
  • gulp-rev
  • gulp-rev-replace
  • gulp-sass
  • gulp-sequence
  • gulp-sizereport
  • gulp-sourcemaps
  • gulp-svgstore
  • node-sass-glob-importer
  • plugin-error
  • require-dir

Modernization-motivated updates:

  • gulp-rev-rewrite replaces gulp-rev-replace
  • gulp-rev-delete-original replaces gulp-rev-napkin

Updates

- browser-sync
- babel-core
- gulp-nunjucks-render
- lodash
- debug

and regenerates the Yarn lockfile.

Drops 490 vulnerabilities (266 low, 207 moderate, 15 high, 2 critical)
to 15 vulnerabilities (7 low, 2 moderate, 4 high, 2 critical).

Actions run:

npm install --package-lock-only
npm audit
npm install browser-sync@2.26.3
npm install babel-core@6.26.3
npm install gulp-nunjucks-render@2.2.2
npm install lodash@4.17.11
npm update lodash --depth 10
npm update debug --depth 9
rm yarn.lock
yarn import

Sticking with yarn.lock rather than switch wholesale to package-lock.json
to avoid the "verbose stack TypeError: Cannot read property 'match' of undefined"
npm-shrinkwrap error.

Actions run:

npm install babel-preset-env
npm uninstall babel-preset-es2015
rm yarn.lock
yarn import

Actions run:

npm uninstall gulp-watch

Upgrades:

- ansi-colors
- del
- es6-promise
- fancy-log
- gulp-autoprefixer
- gulp-changed
- gulp-cssnano
- gulp-data
- gulp-htmlmin
- gulp-notify
- gulp-rename
- gulp-replace
- gulp-rev
- gulp-rev-replace
- gulp-sass
- gulp-sequence
- gulp-sizereport
- gulp-sourcemaps
- gulp-svgstore
- node-sass-glob-importer
- plugin-error
- require-dir

Actions run:

> yarn upgrade --latest
> yarn add babel-loader@"^7.1.1"
> yarn add gulp@3.9.1
> yarn add webpack@"^3.4.1"
> yarn add webpack-dev-middleware@"^1.12.0"
> yarn add webpack-hot-middleware@"^2.18.2"
> yarn add chai@"^3.5.0" -D
@olets olets requested a review from benjtinsley March 11, 2019 22:59
@olets olets changed the base branch from master to develop March 11, 2019 23:16

@leobauza leobauza left a comment


I am the wrong person to properly review this, but I did have a question there

"babel-loader": "^7.1.1",
"babel-preset-es2015": "^6.24.1",
"babel-preset-env": "^1.7.0",


Are all the babel plugins purposely not updated to their latest versions? i.e. 7.x.x. I could be wrong about this, but I think all the latest stuff is in the namespaced packages like @babel/core and @babel/preset-env

Contributor Author


Wonder if npm audit and yarn upgrade --latest didn't pick those up because of the namespace change. Thanks for calling it out

Primary aim of this PR is to clear out security warnings, secondary goal is to clear out other warnings. The first in several steps towards truly bringing things up to date. Will add Babel updates to the list of next steps

Contributor Author


Updated the PR description to be more clear about this

Contributor

@benjtinsley benjtinsley left a comment


sweet


@ten1seven ten1seven left a comment


👍

@olets olets merged commit 4bfa3f5 into develop Apr 19, 2019
@olets olets deleted the dependency-updates branch May 28, 2019 18:40

4 participants