- Issue created by @kenfordesign
- ๐ฎ๐ณIndia ravi kant Jaipur
ravi kant โ made their first commit to this issueโs fork.
- Status changed to Needs work
10 months ago 11:07am 12 May 2024 - ๐บ๐ธUnited States DamienMcKenna NH, USA
After I apply the change locally I can't compile the theme anymore, when I run "gulp" I get this:
$ gulp [07:06:13] Unsupported gulp version - Status changed to Needs review
10 months ago 7:43am 13 May 2024 - ๐ฎ๐ณIndia ravi kant Jaipur
@DamienMcKenna
I am using below version of gulp
CLI version: 3.0.0 Local version: 5.0.0Also i have fixed compiling error.
- ๐บ๐ธUnited States emptyvoid
This may be related, let me know if I should post a new issue.
But this package has serious security notices blocking release for our government projects.
Is there an alternative package which could be used or some way to fix the injection security issues?https://www.npmjs.com/package/gulp-scss-lint?activeTab=readme
Security check notice
Security Report on issue
What options do we have to replace it or fix this issue?
- ๐บ๐ธUnited States emptyvoid
Found a commit for the library waiting on it to be merged into an release.
https://github.com/juanfran/gulp-scss-lint/pull/95
package-lock.json uploaded with the patch commit fixing the security issue.
"gulp-scss-lint": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/gulp-scss-lint/-/gulp-scss-lint-1.0.0.tgz", "integrity": "sha512-oiaBUSHYySCvKSXymObuvThhfrqjxReqmFyZrABGspVnPJhzjDcSGb1s+9IURcWa5yZmgZTrsyQ1/ImRDWmg8A==", "dev": true, "requires": { "bluebird": "^3.3.5", "chalk": "^2.4.1", "dargs": "~6.0.0", "event-stream": "3.3.4", "fancy-log": "^1.3.2", "plugin-error": "^1.0.1", "pretty-data": "^0.40.0", "shell-escape": "^0.2.0", "slash": "^2.0.0", "vinyl": "^2.2.0", "vinyl-fs": "^3.0.3", "xml2js": "^0.4.16" },So manually add this to your custom theme built from the contrib theme or get this committed to a release at some point?