Are the 22 vulnerabilities introduced by gulp 4.0.2 on a virgin node project accepted to be ok by everyone? #2640
Description
mkdir gulp-101
cd gulp-101
npm init -y
npm i --save-dev gulp
... 22 high severity vulnerabilities.
cat package.json
{
"name": "gulp-101",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"test": "echo "Error: no test specified" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"devDependencies": {
"gulp": "^4.0.2"
}
}