Hello,
one of glob-watcher dependency package in version 5.x.x have a really serious vulnerability.
In the latest major version this vulnerability doesn't occur so can you update it to version 6?

This vulnerability allows the attacker to make RCE attacks when the victim runs the build command.
For security purposes, I cannot tell which package has that vulnerability because it hasn't been publicly announced yet.

It is a breaking version and will be included in the gulp v5 work.