Bump extend and gulp

[dependabot]

Bumps extend to 3.0.2 and updates ancestor dependency gulp. These dependencies need to be updated together.

Updates extend from 1.3.0 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

3.0.1 / 2017-04-27

• [Fix] deep extending should work with a non-object (#46)
• [Dev Deps] update tape, eslint, @ljharb/eslint-config
• [Tests] up to node v7.9, v6.10, v4.8; improve matrix
• [Docs] Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
• [Docs] Add example to readme (#34)

3.0.0 / 2015-07-01

• [Possible breaking change] Use global "strict" directive (#32)
• [Tests] int is an ES3 reserved word
• [Tests] Test up to io.js v2.3
• [Tests] Add npm run eslint
• [Dev Deps] Update covert, jscs

2.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Fix] deep extending should work with a non-object (#46)
• [Docs] Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
• [Docs] Add example to readme (#34)
• [Dev Deps] update tape, eslint, @ljharb/eslint-config, covert, jscs
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; io.js v2.3; use nvm install-latest-npm
• [Tests] Add npm run eslint
• [Tests] int is an ES3 reserved word

2.0.1 / 2015-04-25

• Use an inline isArray check, for ES3 browsers. (#27)
• Some old browsers fail when an identifier is toString
• Test latest node and io.js versions on travis-ci; speed up builds
• Add license info to package.json (#25)
• Update tape, jscs
• Adding a CHANGELOG

2.0.0 / 2014-10-01

• Increase code coverage to 100%; run code coverage as part of tests
• Add npm run lint; Run linter as part of tests
• Remove nodeType and setInterval checks in isPlainObject
• Updating tape, jscs, covert
• General style and README cleanup

Commits

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• 138b515 v3.0.1
• 7e19a6f [Tests] up to node v7.9, v6.10, v4.8; improve matrix
• 0191e27 [Dev Deps] update tape, eslint, @ljharb/eslint-config
• Additional commits viewable in compare view

Updates gulp from 3.8.8 to 3.9.1

Release notes

Sourced from gulp's releases.

v3.9.1

docs

• fix gulp.task link (ae1ef09)

Docs

• Clarify err usage (f30fc3a)

v3.9.0

No release notes provided.

v3.8.11

No release notes provided.

v3.8.10

No release notes provided.

v3.8.9

Readme

• Gittip is now Gratipay (a9b48cb)

Changelog

Sourced from gulp's changelog.

3.9.1

• update interpret to 1.0.0 (support for babel-register)
• fix to include manpages in published tarball
• documentation/recipe updates

3.9.0

• add babel support
• add transpiler fallback support
• add support for some renamed transpilers: livescript, etc
• add JSCS
• update dependencies (liftoff, interpret)
• documentation tweaks

3.8.11

• fix node 0.12/iojs problems
• add node 0.12 and iojs to travis
• update dependencies (liftoff, v8flags)
• documentation tweaks

3.8.10

• add link to spanish docs
• update dependencies (archy, semver, mocha, etc)
• documentation tweaks

3.8.9

• fix local version undefined output
• add completion for fish shell
• fix powershell completion line splitting
• add support for arbitrary node flags (oops, should have been a minor bump)
• add v8flags dependency
• update dependencies (liftoff)
• documentation tweaks

Commits

• 9c14e3a 3.9.1
• 907f3ab add manpages to the published files
• beb664e test on node 4
• e0a6b5a readme enhancements
• 49a2b17 readme improvements
• 6922064 link to next release in the readme
• 88a24d1 Delete SUMMARY.md
• 30c4e53 Merge pull request #1510 from gulpjs/gulp-cli-suggestion
• 518ab0b suggest gulp-cli in the getting started
• ce8e94c Merge pull request #1506 from thejameskyle/tjk/export-docs
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by phated, a new releaser for gulp since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.