Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency node-sass to v7 [SECURITY] #52

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency node-sass to v7 [SECURITY] #52

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 26, 2021
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-sass 4.12.0 -> 7.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Release Notes

sass/node-sass (node-sass)

v7.0.0

Compare Source

Breaking changes
Features
Dependencies
Community
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 16
Community

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 15
  • New node-gyp version that supports building with Python 3
Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 10, 12, 14, 15
OSX x64 10, 12, 14, 15
Linux* x64 10, 12, 14, 15
Alpine Linux x64 10, 12, 14, 15
FreeBSD i386 amd64 10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v4.14.1

Compare Source

Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
Alpine Linux x64 6, 8, 10, 11, 12, 13, 14
FreeBSD i386 amd64 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+
** Not available on CentOS 5
^ Only available on x64

v4.14.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 29c5cfc to cb3a55a Compare October 19, 2021 00:15
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from cb3a55a to 302b7d7 Compare March 7, 2022 11:52
@renovate renovate bot changed the title Update dependency node-sass to v4.13.1 [SECURITY] Update dependency node-sass to v7.0.0 [SECURITY] Mar 7, 2022
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 302b7d7 to 59058bc Compare March 26, 2022 13:18
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 59058bc to 7b88955 Compare April 25, 2022 02:35
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 3a120c3 to 7ee426a Compare June 23, 2022 23:43
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 7ee426a to 4998fac Compare September 25, 2022 22:20
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 4998fac to d8345e9 Compare November 20, 2022 10:50
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from d8345e9 to 0706305 Compare March 16, 2023 06:40
@renovate renovate bot changed the title Update dependency node-sass to v7.0.0 [SECURITY] Update dependency node-sass to v7 [SECURITY] Mar 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants