Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability in node-sass > sass-graph > yargs > yargs-parser #2912

stefano-pietroiusti opened this issue May 1, 2020 · 4 comments


Copy link

@stefano-pietroiusti stefano-pietroiusti commented May 1, 2020

After npm install --save-dev node-sass sass-loader

  • "node-sass": "^4.14.0",
  • "sass-loader": "^8.0.2"

Get this report:
Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of node-sass [dev]

Path node-sass > sass-graph > yargs > yargs-parser

More info


This comment has been minimized.


This comment has been minimized.

xzyfer added a commit that referenced this issue May 4, 2020
This release fixes #2912 without breaking BC. See xzyfer/sass-graph#110

This comment has been minimized.

@xzyfer xzyfer closed this in #2915 May 4, 2020
Copy link

@xzyfer xzyfer commented May 4, 2020

Fixed in v4.14.1


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

5 participants