Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

USWDS-Compile - Feature: Support gulp 5 #99

Closed
2 tasks done
levinmr opened this issue May 3, 2024 · 1 comment · Fixed by #96
Closed
2 tasks done

USWDS-Compile - Feature: Support gulp 5 #99

levinmr opened this issue May 3, 2024 · 1 comment · Fixed by #96
Assignees
@mejiaj @mahoneycm
Labels
Type: Feature Request New functionality
Milestone
compile 1.2.0

Comments

@levinmr
Copy link

levinmr commented May 3, 2024

Is your feature request related to a problem? Please describe.

uswds-compile is causing npm audit warnings because it depends on old versions of gulp. Npm audit output follows:

# npm audit report

glob-parent  <5.1.2
Severity: high
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/chokidar/node_modules/glob-parent
node_modules/glob-stream/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    glob-watcher  3.0.0 - 5.0.5
    Depends on vulnerable versions of chokidar
    node_modules/glob-watcher
      gulp  4.0.0 - 4.0.2
      Depends on vulnerable versions of glob-watcher
      Depends on vulnerable versions of vinyl-fs
      node_modules/gulp
  glob-stream  5.3.0 - 6.1.0
  Depends on vulnerable versions of glob-parent
  node_modules/glob-stream
    vinyl-fs  2.4.2 - 3.0.3
    Depends on vulnerable versions of glob-stream
    node_modules/vinyl-fs

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
No fix available
node_modules/@gulp-sourcemaps/identity-map/node_modules/postcss
  @gulp-sourcemaps/identity-map  >=2.0.0
  Depends on vulnerable versions of postcss
  node_modules/@gulp-sourcemaps/identity-map
    gulp-sourcemaps  >=3.0.0
    Depends on vulnerable versions of @gulp-sourcemaps/identity-map
    node_modules/gulp-sourcemaps
      @uswds/compile  *
      Depends on vulnerable versions of gulp
      Depends on vulnerable versions of gulp-sourcemaps
      node_modules/@uswds/compile

Describe the solution you'd like

Support gulp v5

Describe alternatives you've considered

No response

Additional context

No response

Code of Conduct
@levinmr levinmr added the Type: Feature Request New functionality label May 3, 2024
@github-actions github-actions bot added the Status: Triage We're triaging this issue and grooming if necessary label May 3, 2024
This was referenced May 14, 2024
Merged
Merged
@mahoneycm
Copy link
Contributor

Possible regression

I tested updating Gulp to 5.0.0 in #101. When installing the branch on our Site and Sandbox repos, I saw a possible regression in Sandbox when trying to run the copyAssets and copyImages compile scripts. The images would become corrupt and not be able to open properly. For whatever reason, this was not an issue on our Site repo.

@brunerae brunerae moved this to Ready to Schedule in USWDS Core Project Data Jun 6, 2024
@brunerae brunerae removed the Status: Triage We're triaging this issue and grooming if necessary label Jun 6, 2024
@brunerae brunerae added this to the compile 1.2.0 milestone Jun 10, 2024
@brunerae brunerae moved this from Ready to Schedule to Scheduled in USWDS Core Project Data Jun 10, 2024
@mejiaj mejiaj mentioned this issue Jun 17, 2024
Merged
3 tasks
@mejiaj mejiaj moved this from Scheduled to Review in USWDS Core Project Data Jun 17, 2024
@amyleadem amyleadem moved this from Review to Fed Final Review in USWDS Core Project Data Jul 9, 2024
@github-project-automation github-project-automation bot moved this from Fed Final Review to Done in USWDS Core Project Data Jul 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mejiaj mejiaj

@mahoneycm mahoneycm

Labels
Type: Feature Request New functionality
Projects
USWDS Core Project Data
Status: Done
Milestone
compile 1.2.0
Development

Successfully merging a pull request may close this issue.

USWDS-Compile - Dependencies: GulpJS v5 uswds/uswds-compile
4 participants
@mejiaj @levinmr @mahoneycm @brunerae