[Snyk] Upgrade: acorn, browser-sync, chai, del, drool, escodegen, through2, gulp, gulp-autoprefixer, gulp-cache, gulp-csso, gulp-file, gulp-flatten, gulp-header, merge-stream, gulp-if, gulp-iife, gulp-rename, gulp-imagemin, gulp-load-plugins, gulp-open, gulp-replace, gulp-sass, gulp-shell, gulp-size, gulp-sourcemaps, gulp-tap, gulp-uglify, gulp-zip, mocha, prismjs, run-sequence, vinyl-paths

[WontonSam]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

acorn
from 4.0.13 to 8.12.1 | 79 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-03
browser-sync
from 2.29.3 to 3.0.2 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 9 months ago
on 2023-12-27
chai
from 3.5.0 to 5.1.1 | 32 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-09
del
from 2.2.2 to 7.1.0 | 11 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-08-30
drool
from 0.4.0 to 0.6.0 | 2 versions ahead of your current version | 7 years ago
on 2018-02-04
escodegen
from 1.14.3 to 2.1.0 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a year ago
on 2023-06-29
through2
from 2.0.5 to 4.0.2 | 6 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 years ago
on 2020-06-30
gulp
from 3.9.1 to 5.0.0 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 months ago
on 2024-03-29
gulp-autoprefixer
from 3.1.1 to 9.0.0 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 10 months ago
on 2023-11-02
gulp-cache
from 0.4.6 to 1.1.3 | 8 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-08-10
gulp-csso
from 1.0.0 to 4.0.1 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-11-14
gulp-file
from 0.3.0 to 0.4.0 | 1 version ahead of your current version | 7 years ago
on 2018-01-02
gulp-flatten
from 0.3.1 to 0.4.0 | 1 version ahead of your current version | 7 years ago
on 2017-12-31
gulp-header
from 1.8.12 to 2.0.9 | 7 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-07-12
merge-stream
from 1.0.1 to 2.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-05-23
gulp-if
from 2.0.2 to 3.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-07-18
gulp-iife
from 0.3.0 to 0.4.0 | 1 version ahead of your current version | 6 years ago
on 2018-10-31
gulp-rename
from 1.4.0 to 2.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-12-04
gulp-imagemin
from 3.4.0 to 9.1.0 | 15 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-05
gulp-load-plugins
from 1.6.0 to 2.0.8 | 9 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
on 2022-08-29
gulp-open
from 2.1.0 to 3.0.1 | 2 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 years ago
on 2018-03-25
gulp-replace
from 0.5.4 to 1.1.4 | 8 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
on 2022-12-17
gulp-sass
from 3.0.0 to 5.1.0 | 10 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 3 years ago
on 2021-12-31
gulp-shell
from 0.5.2 to 0.8.0 | 9 versions ahead of your current version | 5 years ago
on 2020-02-12
gulp-size
from 2.1.0 to 5.0.0 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 10 months ago
on 2023-10-31
gulp-sourcemaps
from 2.6.5 to 3.0.0 | 1 version ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 years ago
on 2020-11-11
gulp-tap
from 0.1.3 to 2.0.0 | 5 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 5 years ago
on 2019-08-19
gulp-uglify
from 2.1.2 to 3.0.2 | 3 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 6 years ago
on 2019-03-01
gulp-zip
from 4.2.0 to 6.0.0 | 5 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 10 months ago
on 2023-11-03
mocha
from 3.5.3 to 10.7.3 | 70 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-09
prismjs
from 0.0.1 to 1.29.0 | 36 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
on 2022-08-23
run-sequence
from 1.2.2 to 2.2.1 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 7 years ago
on 2018-01-03
vinyl-paths
from 2.1.0 to 5.0.0 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 years ago
on 2022-07-26

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Arbitrary Code Injection SNYK-JS-OPEN-174041	188	No Known Exploit
	Arbitrary Command Injection npm:open:20180512	188	Proof of Concept
	Directory Traversal SNYK-JS-ADMZIP-1065796	188	No Known Exploit
	NULL Pointer Dereference SNYK-JS-NODESASS-535500	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	188	Proof of Concept
	Use After Free SNYK-JS-NODESASS-541000	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-561410	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	188	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	188	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	188	No Known Exploit
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	188	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	188	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	188	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	188	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	188	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	188	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	188	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	188	No Known Exploit
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	188	Proof of Concept
	Out-of-Bounds SNYK-JS-NODESASS-535498	188	Proof of Concept
	Out-of-bounds Read SNYK-JS-NODESASS-540958	188	Proof of Concept
	Uncontrolled Recursion SNYK-JS-NODESASS-540964	188	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NODESASS-540978	188	Proof of Concept
	NULL Pointer Dereference SNYK-JS-NODESASS-540992	188	Proof of Concept
	Out-of-Bounds SNYK-JS-NODESASS-540998	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	188	Proof of Concept
	Out-of-bounds Read SNYK-JS-NODESASS-541002	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	188	No Known Exploit
	Improper Certificate Validation SNYK-JS-NODESASS-1059081	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	188	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	188	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	188	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	188	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	188	Mature
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	188	Proof of Concept
	Uninitialized Memory Exposure npm:tunnel-agent:20170305	188	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	188	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	188	Proof of Concept
	Arbitrary Code Injection npm:growl:20160721	188	No Known Exploit

Release notes

Package name: acorn

• 8.12.1 - 2024-07-03
  

  Bug fixes

  Fix a regression that caused Acorn to no longer run on Node versions <8.10.

• 8.12.0 - 2024-06-14
  

  New features

  Support ES2025 duplicate capture group names in regular expressions.

  Bug fixes

  Include VariableDeclarator in the AnyNode type so that walker objects can refer to it without getting a type error.

  Properly raise a parse error for invalid for/of statements using async as binding name.

  Properly recognize "use strict" when preceded by a string with an escaped newline.

  Mark the Parser constructor as protected, not private, so plugins can extend it without type errors.

  Fix a bug where some invalid delete expressions were let through when the operand was parenthesized and preserveParens was enabled.

  Properly normalize line endings in raw strings of invalid template tokens.

  Properly track line numbers for escaped newlines in strings.

  Fix a bug that broke line number accounting after a template literal with invalid escape sequences.

• 8.11.3 - 2023-12-29
  

  Bug fixes

  Add Function and Class to the AggregateType type, so that they can be used in walkers without raising a type error.

  Make sure onToken get an import keyword token when parsing import.meta.

  Fix a bug where .loc.start could be undefined for new.target meta nodes.

• 8.11.2 - 2023-10-27
  

  Bug fixes

  Fix a bug that caused regular expressions after colon tokens to not be properly tokenized in some circumstances.

• 8.11.1 - 2023-10-26
  

  Bug fixes

  Fix a regression where onToken would receive 'name' tokens for 'new' keyword tokens.

• 8.11.0 - 2023-10-26
  

  Bug fixes

  Fix an issue where tokenizing (without parsing) an object literal with a property named class or function could, in some circumstance, put the tokenizer into an invalid state.

  Fix an issue where a slash after a call to a propery named the same as some keywords would be tokenized as a regular expression.

  New features

  Upgrade to Unicode 15.1.

  Use a set of new, much more precise, TypeScript types.

• 8.10.0 - 2023-07-05
  

  New features

  Add a checkPrivateFields option that disables strict checking of private property use.

• 8.9.0 - 2023-06-16
  

  Bug fixes

  Forbid dynamic import after new, even when part of a member expression.

  New features

  Add Unicode properties for ES2023.

  Add support for the v flag to regular expressions.

• 8.8.2 - 2023-01-23
  

  Bug fixes

  Fix a bug that caused allowHashBang to be set to false when not provided, even with ecmaVersion >= 14.

  Fix an exception when passing no option object to parse or new Parser.

  Fix incorrect parse error on if (0) let\n[astral identifier char].

• 8.8.1 - 2022-10-24
  

  Bug fixes

  Make type for Comment compatible with estree types.

• 8.8.0 - 2022-07-21
• 8.7.1 - 2022-04-26
• 8.7.0 - 2021-12-27
• 8.6.0 - 2021-11-18
• 8.5.0 - 2021-09-06
• 8.4.1 - 2021-06-24
• 8.4.0 - 2021-06-11
• 8.3.0 - 2021-05-31
• 8.2.4 - 2021-05-04
• 8.2.3 - 2021-05-04
• 8.2.2 - 2021-04-29
• 8.2.1 - 2021-04-24
• 8.2.0 - 2021-04-24
• 8.1.1 - 2021-04-12
• 8.1.0 - 2021-03-09
• 8.0.5 - 2021-01-25
• 8.0.4 - 2020-10-05
• 8.0.3 - 2020-10-02
• 8.0.2 - 2020-09-30
• 8.0.1 - 2020-08-12
• 8.0.0 - 2020-08-12
• 7.4.1 - 2020-10-05
• 7.4.0 - 2020-08-03
• 7.3.1 - 2020-06-11
• 7.3.0 - 2020-06-11
• 7.2.0 - 2020-05-09
• 7.1.1 - 2020-03-01
• 7.1.0 - 2019-09-24
• 7.0.0 - 2019-08-13
• 6.4.2 - 2020-10-05
• 6.4.1 - 2020-03-09
• 6.4.0 - 2019-11-26
• 6.3.0 - 2019-08-12
• 6.2.1 - 2019-07-20
• 6.2.0 - 2019-07-04
• 6.1.1 - 2019-02-27
• 6.1.0 - 2019-02-08
• 6.0.7 - 2019-02-04
• 6.0.6 - 2019-01-30
• 6.0.5 - 2019-01-02
• 6.0.4 - 2018-11-05
• 6.0.3 - 2018-11-04
• 6.0.2 - 2018-09-26
• 6.0.1 - 2018-09-14
• 6.0.0 - 2018-09-14
• 5.7.4 - 2020-03-09
• 5.7.3 - 2018-09-10
• 5.7.2 - 2018-08-24
• 5.7.1 - 2018-06-15
• 5.7.0 - 2018-06-15
• 5.6.2 - 2018-06-05
• 5.6.1 - 2018-06-01
• 5.6.0 - 2018-05-31
• 5.5.3 - 2018-03-08
• 5.5.2 - 2018-03-08
• 5.5.1 - 2018-03-06
• 5.5.0 - 2018-02-27
• 5.4.1 - 2018-02-02
• 5.4.0 - 2018-02-01
• 5.3.0 - 2017-12-28
• 5.2.1 - 2017-10-29
• 5.2.0 - 2017-10-29
• 5.1.2 - 2017-09-04
• 5.1.1 - 2017-07-06
• 5.1.0 - 2017-07-05
• 5.0.3 - 2017-04-01
• 5.0.2 - 2017-03-30
• 5.0.1 - 2017-03-30
• 5.0.0 - 2017-03-28
• 4.0.13 - 2017-05-24

from acorn GitHub release notes

Package name: browser-sync

• 3.0.2 - 2023-12-27
  

  What's Changed

  • fix: dist path by @ bufo24 in #2054
  • fix ui-external url by @ qdirks in #1970

  New Contributors

  • @ bufo24 made their first contribution in #2054
  • @ qdirks made their first contribution in #1970

  Full Changelog: v3.0.1...v3.0.2

• 3.0.1 - 2023-12-27
  

  ⚠️ Breaking

  • removed localtunnel (it's not maintained, and was always optional) - see #2059

  What's Changed

  • build(deps): bump nanoid and mocha in /packages/browser-sync-ui by @ dependabot in #2015
  • build(deps): bump engine.io from 6.2.1 to 6.4.2 in /packages/browser-sync by @ dependabot in #2038
  • build(deps-dev): bump webpack from 5.75.0 to 5.76.0 in /packages/browser-sync-client by @ dependabot in #2027
  • build(deps): bump json5 from 1.0.1 to 1.0.2 by @ dependabot in #2014
  • build(deps): bump json-schema and jsprim in /packages/browser-sync-ui by @ dependabot in #2042
  • fixing nx caching, run tests on nonde 16, 18 & 20 by @ shakyShane in #2050
  • Update README.md by @ shakyShane in #2051
  • adding playwright tests by @ shakyShane in #2052
  • remove localtunnel by @ shakyShane in #2059

  Full Changelog: v2.29.3...v3.0.1

• 3.0.0 - 2023-12-27
  

  v3.0.0

• 3.0.0-alpha.2 - 2023-12-27
  

  v3.0.0-alpha.2

• 3.0.0-alpha.1 - 2023-12-27
  

  v3.0.0-alpha.1

• 3.0.0-alpha.0 - 2023-12-27
  

  v3.0.0-alpha.0

• 2.30.0-alpha.3 - 2023-05-19
  

  v2.30.0-alpha.3

• 2.30.0-alpha.2 - 2023-05-19
  

  v2.30.0-alpha.2

• 2.30.0-alpha.1 - 2023-05-19
  

  v2.30.0-alpha.1

• 2.29.3 - 2023-05-17

from browser-sync GitHub release notes

Package name: chai

• 5.1.1 - 2024-05-09
  

  What's Changed

  • Set up ESLint for JSDoc comments by @ koddsson in #1605
  • build(deps-dev): bump ip from 1.1.8 to 1.1.9 by @ dependabot in #1608
  • Correct Mocha import instructions by @ MattiSG in #1611
  • fix: support some virtual contexts in toThrow by @ 43081j in #1609

  New Contributors

  • @ MattiSG made their first contribution in #1611

  Full Changelog: v5.1.0...v5.1.1

• 5.1.0 - 2024-02-12
  

  What's Changed

  • Remove useless guards and add parentheses to constuctors by @ koddsson in #1593
  • Cleanup jsdoc comments by @ koddsson in #1596
  • Convert comments in "legal comments" format to jsdoc or normal comments by @ koddsson in #1598
  • Implement iterable assertion by @ koddsson in #1592
  • Assert interface fix by @ developer-bandi in #1601
  • Set support in same members by @ koddsson in #1583
  • Fix publish script by @ koddsson in #1602

  New Contributors

  • @ developer-bandi made their first contribution in #1601

  Full Changelog: v5.0.3...v5.1.0

• 5.0.3 - 2024-01-25
  

  Fix bad v5.0.2 publish.

  Full Changelog: v5.0.2...v5.0.3

• 5.0.2 - 2024-01-25
  

  What's Changed

  • build(deps): bump nanoid and mocha by @ dependabot in #1558
  • remove bump-cli by @ koddsson in #1559
  • Update developer dependencies by @ koddsson in #1560
  • fix: removes ?? for node compat (5.x) by @ 43081j in #1576
  • Update loupe to latest version by @ koddsson in #1579
  • Re-enable some webkit tests by @ koddsson in #1580
  • Remove a bunch of if statements in test/should.js by @ koddsson in #1581
  • Remove a bunch of unused files by @ koddsson in #1582
  • Fix 1564 by @ koddsson in #1566

  Full Changelog: v5.0.1...v5.0.2

• 5.0.0 - 2023-12-28
  

  BREAKING CHANGES

  • Chai now only supports EcmaScript Modules (ESM). This means your tests will need to either have import {...} from 'chai' or import('chai'). require('chai') will cause failures in nodejs. If you're using ESM and seeing failures, it may be due to a bundler or transpiler which is incorrectly converting import statements into require calls.
  • Dropped support for Internet Explorer.
  • Dropped support for NodeJS < 18.
  • Minimum supported browsers are now Firefox 100, Safari 14.1, Chrome 100, Edge 100. Support for browsers prior to these versions is "best effort" (bug reports on older browsers will be assessed individually and may be marked as wontfix).

  What's Changed

  • feat: use chaijs/loupe for inspection by @ pcorpet in #1401
  • docs: fix URL in README by @ Izzur in #1413
  • Remove get-func-name dependency by @ koddsson in #1416
  • Convert Makefile script to npm scripts by @ koddsson in #1424
  • Clean up README badges by @ koddsson in #1422
  • fix: package.json - deprecation warning on exports field by @ stevenjoezhang in #1400
  • fix: deep-eql bump package to support symbols by @ snewcomer in #1458
  • ES module conversion PoC by @ 43081j in #1498
  • chore: drop commonjs support by @ 43081j in #1503
  • Update pathval by @ koddsson in

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.