Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade sass from 1.45.2 to 1.56.0 #170

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade sass from 1.45.2 to 1.56.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 35 versions ahead of your current version.
  • The recommended version was released 23 days ago, on 2022-11-04.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-UGLIFYJS-3113873
311/1000
Why? Recently disclosed, CVSS 4.8
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sass
  • 1.56.0 - 2022-11-04

    To install Sass 1.56.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Potentially breaking change: To match the CSS spec, SassScript expressions beginning with not or ( are no longer supported at the beginning of parenthesized sections of media queries. For example,

      @ media (width >= 500px) and (not (grid))

      will now be emitted unchanged, instead of producing

      @ media (width >= 500px) and (false)

      See the Sass website for details.

    • Potentially breaking bug fix: Angle units like rad or turn are now properly converted to equivalent deg values for hsl(), hsla(), adjust-hue(), color.adjust(), and color.change().

      See the Sass website for details.

    • Fix indentation for selectors that span multiple lines in a @ media query.

    • Emit a deprecation warning when passing $alpha values with units to color.adjust() or color.change(). This will be an error in Dart Sass 2.0.0.

      See the Sass website for details.

    • Emit a deprecation warning when passing a $weight value with no units or with units other than % to color.mix(). This will be an error in Dart Sass 2.0.0.

      See the Sass website for details.

    • Emit a deprecation warning when passing $n values with units to list.nth() or list.set-nth(). This will be an error in Dart Sass 2.0.0.

      See the Sass website for details.

    • Improve existing deprecation warnings to wrap /-as-division suggestions in calc() expressions.

    • Properly mark the warning for passing numbers with units to random() as a deprecation warning.

    • Fix a bug where @ extend could behave unpredicatably when used along with meta.load-css() and shared modules that contained no CSS themselves but loaded CSS from other modules.

    Dart API

    • Emit a deprecation warning when passing a sassIndex with units to Value.sassIndexToListIndex(). This will be an error in Dart Sass 2.0.0.

    JS API

    • Importer results now validate whether contents is actually a string type.

    • Importer result argument errors are now rendered correctly.

    See the full changelog for changes in earlier releases.

  • 1.55.0 - 2022-09-21

    To install Sass 1.55.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Potentially breaking bug fix: Sass numbers are now universally stored as 64-bit floating-point numbers, rather than sometimes being stored as integers. This will generally make arithmetic with very large numbers more reliable and more consistent across platforms, but it does mean that numbers between nine quadrillion and nine quintillion will no longer be represented with full accuracy when compiling Sass on the Dart VM.

    • Potentially breaking bug fix: Sass equality is now properly transitive. Two numbers are now considered equal (after doing unit conversions) if they round to the same 1e-11th. Previously, numbers were considered equal if they were within 1e-11 of one another, which led to some circumstances where $a == $b and $b == $c but $a != $b.

    • Potentially breaking bug fix: Various functions in sass:math no longer treat floating-point numbers that are very close (but not identical) to integers as integers. Instead, these functions now follow the floating-point specification exactly. For example, math.pow(0.000000000001, -1) now returns 1000000000000 instead of Infinity.

    • Emit a deprecation warning for $a -$b and $a +$b, since these look like they could be unary operations but they're actually parsed as binary operations. Either explicitly write $a - $b or $a (-$b). See https://sass-lang.com/d/strict-unary for more details.

    Dart API

    • Add an optional argumentName parameter to SassScriptException() to make it easier to throw exceptions associated with particular argument names.

    • Most APIs that previously returned num now return double. All APIs continue to accept num, although in Dart 2.0.0 these APIs will be changed to accept only double.

    JS API

    • Fix a bug in which certain warning spans would not have their properties accessible by the JS API.

    See the full changelog for changes in earlier releases.

  • 1.54.9 - 2022-09-07

    To install Sass 1.54.9, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Fix an incorrect span in certain @ media query deprecation warnings.

    See the full changelog for changes in earlier releases.

  • 1.54.8 - 2022-08-31

    To install Sass 1.54.8, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • No user-visible changes.

    See the full changelog for changes in earlier releases.

  • 1.54.7 - 2022-08-31
  • 1.54.6 - 2022-08-29
  • 1.54.5 - 2022-08-19
  • 1.54.4 - 2022-08-10
  • 1.54.3 - 2022-08-04
  • 1.54.2 - 2022-08-03
  • 1.54.1 - 2022-08-02
  • 1.54.0 - 2022-07-22
  • 1.53.0 - 2022-06-22
  • 1.52.3 - 2022-06-08
  • 1.52.2 - 2022-06-03
  • 1.52.1 - 2022-05-20
  • 1.52.0 - 2022-05-20
  • 1.51.0 - 2022-04-26
  • 1.50.1 - 2022-04-19
  • 1.50.0 - 2022-04-07
  • 1.49.11 - 2022-04-01
  • 1.49.10 - 2022-03-30
  • 1.49.9 - 2022-02-24
  • 1.49.8 - 2022-02-17
  • 1.49.7 - 2022-02-01
  • 1.49.6 - 2022-02-01
  • 1.49.5 - 2022-02-01
  • 1.49.4 - 2022-02-01
  • 1.49.3 - 2022-02-01
  • 1.49.2 - 2022-02-01
  • 1.49.1 - 2022-01-31
  • 1.49.0 - 2022-01-18
  • 1.48.0 - 2022-01-13
  • 1.47.0 - 2022-01-07
  • 1.46.0 - 2022-01-06
  • 1.45.2 - 2021-12-31
from sass GitHub release notes
Commit messages
Package name: sass

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant