Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability in node-sass > sass-graph > yargs > yargs-parser #2912

Closed
stefano-pietroiusti opened this issue May 1, 2020 · 4 comments
Closed

Comments

@stefano-pietroiusti
Copy link

@stefano-pietroiusti stefano-pietroiusti commented May 1, 2020

After npm install --save-dev node-sass sass-loader

  • "node-sass": "^4.14.0",
    
  • "sass-loader": "^8.0.2"
    

Get this report:
Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of node-sass [dev]

Path node-sass > sass-graph > yargs > yargs-parser

More info https://npmjs.com/advisories/1500

@andrewphillipo

This comment has been minimized.

@rafaeljosem

This comment has been minimized.

xzyfer added a commit that referenced this issue May 4, 2020
This release fixes #2912 without breaking BC. See xzyfer/sass-graph#110
@wdews-charter

This comment has been minimized.

@xzyfer xzyfer closed this in #2915 May 4, 2020
@xzyfer
Copy link
Contributor

@xzyfer xzyfer commented May 4, 2020

Fixed in v4.14.1

Loading

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

5 participants