Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency node-sass to v7 [security] #144

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 28, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-sass ^4.11.0 -> ^7.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.


Release Notes

sass/node-sass (node-sass)

v7.0.0

Compare Source

Breaking changes
Features
Dependencies
Community
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 16
Community

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 15
  • New node-gyp version that supports building with Python 3
Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 10, 12, 14, 15
OSX x64 10, 12, 14, 15
Linux* x64 10, 12, 14, 15
Alpine Linux x64 10, 12, 14, 15
FreeBSD i386 amd64 10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v4.14.1

Compare Source

Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
Alpine Linux x64 6, 8, 10, 11, 12, 13, 14
FreeBSD i386 amd64 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+
** Not available on CentOS 5
^ Only available on x64

v4.14.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.12.0


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title chore(deps): update dependency node-sass to v7 [security] chore(deps): update dependency node-sass to v7 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-node-sass-vulnerability branch December 8, 2024 18:37
@renovate renovate bot changed the title chore(deps): update dependency node-sass to v7 [security] - autoclosed chore(deps): update dependency node-sass to v7 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from b78e976 to d9a9961 Compare December 8, 2024 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants