[Snyk] Security upgrade node-sass from 4.9.0 to 9.0.0 #32
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HAWK-6969142 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-QS-3153490 - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/npm:sshpk:20180409 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASHMERGEWITH-174136 - https://snyk.io/vuln/SNYK-JS-Y18N-1021887 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/npm:stringstream:20180511 - https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922 - https://snyk.io/vuln/SNYK-JS-LODASHMERGEWITH-174137 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 - https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/SNYK-JS-HAWK-2808852 - https://snyk.io/vuln/SNYK-JS-FSTREAM-174725 - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/npm:cryptiles:20180710
Micro-Learning Topic: Regular expression denial of service (Detected by phrase)Matched on "Regular Expression Denial of Service"Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Try a challenge in Secure Code WarriorMicro-Learning Topic: Authentication bypass (Detected by phrase)Matched on "Authentication Bypass"Improper authentication happens when mechanisms intended to identify the user are flawed (easily tamperable or insufficient). This would allow an attacker to bypass access controls or to easily impersonate a user. Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Code injection (Detected by phrase)Matched on "Code Injection"Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server. Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Denial of service (Detected by phrase)Matched on "Denial of Service"The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service Try a challenge in Secure Code WarriorMicro-Learning Topic: Insecure randomness (Detected by phrase)Matched on "Insecure Randomness"This vulnerability manifests when some security construct depends on a random component and this component is somehow guessable -or just not random-. Try a challenge in Secure Code WarriorHelpful references
Micro-Learning Topic: Prototype pollution (Detected by phrase)Matched on "Prototype Pollution"By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). Try a challenge in Secure Code Warrior |
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix 29 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-HAWK-6969142
SNYK-JS-LODASH-567746
SNYK-JS-LODASH-6139239
SNYK-JS-QS-3153490
SNYK-JS-SEMVER-3247795
npm:sshpk:20180409
SNYK-JS-LODASH-450202
SNYK-JS-LODASH-608086
SNYK-JS-LODASH-73638
SNYK-JS-LODASHMERGEWITH-174136
SNYK-JS-Y18N-1021887
SNYK-JS-LODASH-1040724
npm:stringstream:20180511
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-LODASHMERGEWITH-174137
npm:hoek:20180212
npm:lodash:20180130
SNYK-JS-AJV-584908
SNYK-JS-MINIMIST-559764
SNYK-JS-YARGSPARSER-560381
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-LODASH-1018905
SNYK-JS-HAWK-2808852
SNYK-JS-FSTREAM-174725
npm:extend:20180424
SNYK-JS-LODASH-73639
SNYK-JS-MINIMIST-2429795
SNYK-JS-MINIMATCH-3050818
npm:cryptiles:20180710
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Authentication Bypass
🦉 More lessons are available in Snyk Learn