Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency node-sass to v7 [security] #118

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 7, 2022

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-sass 4.14.1 -> 7.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.


Release Notes

sass/node-sass (node-sass)

v7.0.0

Compare Source

Breaking changes
Features
Dependencies
Community
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 16
Community

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 15
  • New node-gyp version that supports building with Python 3
Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 10, 12, 14, 15
OSX x64 10, 12, 14, 15
Linux* x64 10, 12, 14, 15
Alpine Linux x64 10, 12, 14, 15
FreeBSD i386 amd64 10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 1b2257e to dbcb45e Compare March 7, 2022 23:01
@renovate renovate bot changed the title fix(deps): update dependency node-sass to v7 [security] fix(deps): update dependency node-sass to v7 [security] - autoclosed Mar 12, 2022
@renovate renovate bot closed this Mar 12, 2022
@renovate renovate bot deleted the renovate/npm-node-sass-vulnerability branch March 12, 2022 00:10
@renovate renovate bot changed the title fix(deps): update dependency node-sass to v7 [security] - autoclosed fix(deps): update dependency node-sass to v7 [security] Mar 15, 2022
@renovate renovate bot restored the renovate/npm-node-sass-vulnerability branch March 15, 2022 18:21
@renovate renovate bot reopened this Mar 15, 2022
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from dbcb45e to 55ff45e Compare April 25, 2022 23:07
@renovate renovate bot changed the title fix(deps): update dependency node-sass to v7 [security] fix(deps): update dependency node-sass to v7 [SECURITY] Jun 27, 2022
@renovate renovate bot changed the title fix(deps): update dependency node-sass to v7 [SECURITY] fix(deps): update dependency node-sass to v7 [security] Jun 28, 2022
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 55ff45e to c643988 Compare March 16, 2023 10:02
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 7ee72b9 to b0ad759 Compare May 9, 2023 17:14
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from b0ad759 to 2f3a442 Compare June 30, 2023 01:14
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 86ba8a1 to e3ba59e Compare August 23, 2023 19:27
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from e3ba59e to f96cc69 Compare September 10, 2024 07:52
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from f96cc69 to 5b8a102 Compare September 12, 2024 03:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants