[Snyk] Upgrade sass from 1.55.0 to 1.70.0 #66
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade sass from 1.55.0 to 1.70.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-TOUGHCOOKIE-5672873
Why? Proof of Concept exploit, CVSS 6.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: sass
To install Sass 1.70.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
JavaScript API
Add a
sass.initCompiler()
function that returns asass.Compiler
object which supportscompile()
andcompileString()
methods with the same API as the global Sass object. On the Node.js embedded host, eachsass.Compiler
object uses a single long-lived subprocess, making compiling multiple stylesheets much more efficient.Add a
sass.initAsyncCompiler()
function that returns asass.AsyncCompiler
object which supportscompileAsync()
andcompileStringAsync()
methods with the same API as the global Sass object. On the Node.js embedded host, eachsass.AsynCompiler
object uses a single long-lived subprocess, making compiling multiple stylesheets much more efficient.Embedded Sass
Support the
CompileRequest.silent
field. This allows compilations with no logging to avoid unnecessary request/response cycles.The Dart Sass embedded compiler now reports its name as "dart-sass" rather than "Dart Sass", to match the JS API's
info
field.See the full changelog for changes in earlier releases.
To install Sass 1.69.7, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Embedded Sass
See the full changelog for changes in earlier releases.
To install Sass 1.69.6, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Produce better output for numbers with complex units in
meta.inspect()
and debugging messages.Escape U+007F DELETE when serializing strings.
When generating CSS error messages to display in-browser, escape all code points that aren't in the US-ASCII region. Previously only code points U+0100 LATIN CAPITAL LETTER A WITH MACRON were escaped.
Provide official releases for musl LibC and for Android.
Don't crash when running
meta.apply()
in asynchronous mode.JS API
SourceSpan
s that didn't follow the documentedSourceSpan
API.See the full changelog for changes in earlier releases.
Commit messages
Package name: sass
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs