[Snyk] Upgrade node-sass from 4.11.0 to 4.14.1

[snyk-bot]

Snyk has created this PR to upgrade node-sass from 4.11.0 to 4.14.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released a year ago, on 2020-05-04.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-174125	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Use After Free SNYK-JS-NODESASS-535497	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHMERGEWITH-174136	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONPOINTER-598804	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-COPYPROPS-1082870	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NODESASS-542662	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: node-sass

• 4.14.1 - 2020-05-04
  

  Community

  • Add GitHub Actions for Alpine CI (@ nschonni, #2823)

  Fixes

  • Bump sass-graph@2.2.5 (@ xzyfer, #2912)

  Supported Environments

  OS	Architecture	Node
  Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
  Alpine Linux	x64	6, 8, 10, 11, 12, 13, 14
  FreeBSD	i386 amd64	10, 12, 13

  *Linux support refers to Ubuntu, Debian, and CentOS 5+
  ** Not available on CentOS 5
  ^ Only available on x64

• 4.14.0 - 2020-04-23
  

  Features

  • Add Node 14 support (@ nschonni, #2895)

  Fixes

  • Reporting wrong LibSass version (@ saper, #2621)

  Supported Environments

  OS	Architecture	Node
  Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
  Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
  Alpine Linux	x64	6, 8, 10, 11, 12, 13, 14
  FreeBSD	i386 amd64	10, 12, 13

  *Linux support refers to Ubuntu, Debian, and CentOS 5+
  ** Not available on CentOS 5
  ^ Only available on x64

• 4.13.1 - 2020-01-16
  

  Community

  • Fix render example syntax (@ ZoranPandovski , #2787)
  • Fix sourceMap option inconsistencies (@ saper , #2394)
  • Fix possible crash in customer importer (@ xzyfer, #2816)

  Supported Environments

  OS	Architecture	Node
  Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^
  Alpine Linux	x64	6, 8, 10, 11, 12, 13
  FreeBSD	i386 amd64	8, 10, 12, 13

  *Linux support refers to Ubuntu, Debian, and CentOS 5+
  ** Not available on CentOS 5
  ^ Only available on x64

• 4.13.0 - 2019-10-24
  

  Features

  • Node 13 support (@ saper, #2766 #2767)

  Community

  • Fix broken link to NodeJS docs in README.md (@ schwigri, #2753)
  • Assorted typo fixes (@ XhmikosR , #2726)
  • Remove PR template (@ nschonni)
  • Remove sudo settings from .travis.yml (@ abetomo, #2673)
  • Add note in PR template about node-gyp 4.0 (@ nschonni)
  • Change note about Node 12 support (@ nschonni)

  Dependencies

  • lodash@^4.17.15 (@ kessenich, #2574)

  Supported Environments

  OS	Architecture	Node
  Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
  Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^
  Alpine Linux	x64	6, 8, 10, 11, 12, 13
  FreeBSD	i386 amd64	6, 8, 10, 12, 13

  *Linux support refers to Ubuntu, Debian, and CentOS 5+
  ** Not available on CentOS 5
  ^ Only available on x64

• 4.12.0 - 2019-04-27
  

  Features

  • Node 12 support (@ xzyfer, #2632)

  Community

  • Convert all documentation links to HTTPS (@ asottile, #2608)
  • Remove out dated documentation (@ DerZyklop, #2590)
  • Remove @ adamyeats from maintainers list (@ adamyeats, #2576)
  • Update troubleshooting documentation (@ nschonni, #2454)
  • Clearly document Node version support in README (@ nschonni, #2383)

  Dependencies

  • nan@^2.13.2 (@ xzyfer, #2632)
  • lodash@4.17.11 (@ cheesestringer, #2574)

  Supported Environments

  OS	Architecture	Node
  Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
  OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
  Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^
  Alpine Linux	x64	6, 8, 10, 11, 12
  FreeBSD	i386 amd64	8, 10, 12

  *Linux support refers to Ubuntu, Debian, and CentOS 5+
  ** Not available on CentOS 5
  ^ Only available on x64

• 4.11.0 - 2018-11-15

from node-sass GitHub release notes

Commit messages

Package name: node-sass

• 0d6c3cc 4.14.1
• 1cc6263 Bump sass-graph@2.2.5 (packaging: install plugins at /usr/share/cloudstack-management/lib apache/cloudstack#2915)
• aa193f6 chore: Add GitHub Actions for Alpine CI
• eac343c 4.14.0
• bbeb78c Update changelog
• 1210aab Fix Backports for 4.11 branch apache/cloudstack#2621: Report libsass version 3.5.5 (Fix config drive iso path on Vmware apache/cloudstack#2769)
• 5a4a48a feat: Add Node 14 support
• b54053a Update changelog
• 01db051 4.13.1
• 338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
• c6f2e5a doc: README example fix (Fix wizards (new instance and new zone) div width problem in Chrome apache/cloudstack#2787)
• fbc9ff5 Merge pull request Changing to the right api call for securing hosts apache/cloudstack#2754 from saper/no-map-if-not-requested
• 60fad5f 4.13.0
• 43db915 Merge pull request HTML code displayed in Setup Network wizard when adding zone apache/cloudstack#2768 from sass/release-4-13
• 0c8d308 Update references for v4.13 release
• f1cc0d3 Use GCC 6 for Node 12 binaries (storage traffic type reset ui fix  apache/cloudstack#2767)
• 3838eae Use GCC 6 for Node 12 binaries
• e84c6a9 Merge pull request kvm: Agent should not check if remaining memory on host is sufficient apache/cloudstack#2766 from saper/node-modules-79
• 64b6f32 Node 13 support
• 8498f70 Fix CLOUDSTACK-10109: Fix regression from PR #2295 apache/cloudstack#2394: sourceMap option should have consistent behaviour
• 8d0acca Merge pull request provisionCertificate api returns NPE when 'reconnect' parameter is used. apache/cloudstack#2753 from schwigri/master
• b0d4d85 Fix broken link to NodeJS docs in README.md
• 887199a Merge pull request Uploaded Volume cannot be attached to VM with local storage apache/cloudstack#2730 from kessenich/master
• b1f54d7 Fix WIP perform config drive creation on primary storage (CLOUDSTACK-10290) apache/cloudstack#2614 - Update lodash version

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs