This repository has been archived by the owner on Sep 15, 2023. It is now read-only.

update dependencies #524

Open
7 of 10 tasks
benjtinsley opened this issue Jan 12, 2018 · 5 comments


benjtinsley commented Jan 12, 2018

upon installing blendid, there are several warnings related to deprecated packages:

warning blendid > [email protected]: 🙌  Thanks for using Babel: we recommend using babel-preset-env now: please read babeljs.io/env to update! 
warning blendid > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-cssnano > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-autoprefixer > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-data > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-sass > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-sequence > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp-rev-napkin > [email protected]: gulp-util is deprecated - replace it, following the guidelines at https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5
warning blendid > gulp > vinyl-fs > [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
warning blendid > gulp > vinyl-fs > glob-stream > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning blendid > gulp-nunjucks-render > through2 > xtend > [email protected]: 
warning blendid > gulp > vinyl-fs > glob-watcher > gaze > globule > [email protected]: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
warning blendid > gulp > vinyl-fs > glob-watcher > gaze > globule > glob > [email protected]: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js

these are distilled to:

  • update babel-preset-es2015 to babel-preset-env
  • update gulp-util (https://medium.com/gulpjs/gulp-util-ca3b1f9f9ac5)
  • check if update to gulp exists to rectify many errors
  • check if update to gulp-cssnano exists to rectify gulp-util error
  • check if update to gulp-autoprefixer exists to rectify gulp-util error
  • check if update to gulp-data exists to rectify gulp-util error
  • check if update to gulp-sass exists to rectify gulp-util error
  • check if update to gulp-sequence exists to rectify gulp-util error
  • check if update to gulp-rev-napkin exists to rectify gulp-util error
  • update gulp-nunjucks-render to rectify through2 error
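
The distillation above (one task per direct dependency, derived from each warning's dependency path) can be scripted. This is an added example, not code from the issue or from blendid: it assumes warnings shaped `warning root > a > b > pkg@version: message`, the `0.0.0` versions and `example-pkg` are placeholders, and the keyword test for security relevance is a heuristic.

```javascript
// Constructed sample in the shape of the install warnings quoted in the issue.
// Names come from the issue; "0.0.0" and "example-pkg" are placeholders.
const SAMPLE_LOG = [
  'warning blendid > gulp-util@0.0.0: gulp-util is deprecated - replace it',
  'warning blendid > gulp-sass > gulp-util@0.0.0: gulp-util is deprecated - replace it',
  'warning blendid > gulp > vinyl-fs > graceful-fs@0.0.0: please upgrade to graceful-fs 4',
  'warning blendid > gulp > vinyl-fs > glob-stream > minimatch@0.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue',
  'warning blendid > gulp-nunjucks-render > through2 > xtend > example-pkg@0.0.0: ',
  'info this line is not a warning and is skipped',
].join('\n');

// Heuristic (assumption): a warning is security-relevant if its text says so.
const SECURITY_HINT = /\b(DoS|vulnerab\w*|security)\b/i;
const WARNING = /^warning\s+(.+?)@([^\s@:]+):\s*(.*)$/;

// Parse one line into its dependency path, or return null for other output.
function parseWarning(line) {
  const m = WARNING.exec(line.trim());
  if (!m) return null;
  const path = m[1].split(/\s*>\s*/);
  if (path.length < 2) return null; // warning about the root package itself
  return {
    direct: path[1],            // the dependency the root project declares
    pkg: path[path.length - 1], // the package the warning is about
    depth: path.length - 1,     // 1 = direct dependency, >1 = transitive
    security: SECURITY_HINT.test(m[3]),
  };
}

// Group warnings by direct dependency: that is the only entry the root
// project can change in its own package.json.
function triage(log) {
  const byDirect = new Map();
  for (const line of log.split('\n')) {
    const w = parseWarning(line);
    if (!w) continue;
    const entry = byDirect.get(w.direct) ||
      { direct: w.direct, action: 'check-upstream', security: false, packages: new Set() };
    if (w.depth === 1) entry.action = 'replace-directly';
    entry.security = entry.security || w.security;
    entry.packages.add(w.pkg);
    byDirect.set(w.direct, entry);
  }
  // Security-flagged entries first, then alphabetical.
  return [...byDirect.values()]
    .map((e) => ({ ...e, packages: [...e.packages].sort() }))
    .sort((a, b) => (b.security - a.security) || a.direct.localeCompare(b.direct));
}
console.table(triage(SAMPLE_LOG));
```

Entries marked `check-upstream` can only be cleared by a newer release of the listed direct dependency (or by replacing it), which matches the "check if update to ... exists" items in the list.
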

benjtinsley commented Jan 12, 2018

related to #516 & #508

@benjtinsley
Contributor Author

gulp-sass is in the process of being updated: dlmanning/gulp-sass#646
gulp-cssnano is in the process of being updated: https://github.com/ben-eb/gulp-cssnano/issues/92
gulp is in the process of being updated: gulpjs/gulp#1486

will update once those remaining few are resolved

TheDancingCode commented May 20, 2018

gulp-sass v4.0.0 was released, which fixes the gulp-util warning.
The warnings on the gulp install can be fixed by moving to v4.0.0 as well, I believe.

Additionally, gulp-rev-replace is no longer maintained, but maintenance continues in gulp-rev-rewrite.


olets commented May 30, 2019

As of now, the main thing is Gulp 4 (#578)

Snyk recommends the following:

  • upgrade open from 0.0.5 to 6.0.0
  • upgrade gulp-nunjucks-render from 2.2.2 to 2.2.3
  • upgrade webpack from 3.12.0 to 4.0.0

Snyk also turns up these warnings:

  • gulp-cssnano has security problems
    would be addressed by switching to (non-gulp) cssnano
  • gulp-sass 4.0.2's node-sass 4.11.0's node-gyp 3.8.0's tar 2.2.1 is out of date
  • gulp-svgstore 7.0.1's cheerio 0.22.0's lodash.merge 4.6.1 is bad

@angrybrad

Went to make a ticket for this and saw this existing one.

olets' comment hits all of the major security-related issues in the dependency chain.
