[Snyk] Upgrade sass from 1.69.5 to 1.76.0 #20

Open: wants to merge 1 commit into base: main

varmoh (Collaborator) commented May 22, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sass from 1.69.5 to 1.76.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 9 versions ahead of your current version.

  • The recommended version was released 22 days ago, on 2024-04-30.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept |
| | Improper Input Validation (SNYK-JS-FOLLOWREDIRECTS-6141137) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept |
| | Path Traversal (SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept |
| | Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | No Known Exploit |
| | Improper Control of Dynamically-Managed Code Resources (SNYK-JS-EJS-6689533) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | No Known Exploit |
| | Open Redirect (SNYK-JS-EXPRESS-6474509) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | No Known Exploit |
| | Information Exposure (SNYK-JS-FOLLOWREDIRECTS-6444610) | 554/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sass
  • 1.76.0 - 2024-04-30

    To install Sass 1.76.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Throw errors for misplaced statements in keyframe blocks.

    • Mixins and functions whose names begin with -- are now deprecated for forwards-compatibility with the in-progress CSS functions and mixins spec. This deprecation is named css-function-mixin.

    See the full changelog for changes in earlier releases.

  • 1.75.0 - 2024-04-11

    To install Sass 1.75.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Fix a bug in which stylesheet canonicalization could be cached incorrectly when custom importers or the Node.js package importer made decisions based on the URL of the containing stylesheet.

    JS API

    • Allow importer to be passed without url in StringOptionsWithImporter.

    See the full changelog for changes in earlier releases.

  • 1.74.1 - 2024-04-04

    To install Sass 1.74.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • No user-visible changes.

    See the full changelog for changes in earlier releases.

  • 1.72.0 - 2024-03-13
  • 1.71.1 - 2024-02-21
  • 1.71.0 - 2024-02-16
  • 1.70.0 - 2024-01-18
  • 1.69.7 - 2024-01-02
  • 1.69.6 - 2023-12-28
  • 1.69.5 - 2023-10-26
from sass GitHub release notes
Commit messages
Package name: sass
  • 264b2d5 Deprecate function and mixin names beginning with `--` (#2230)
  • f145e1c Throw errors for misplaced statements in keyframe blocks (#2226)
  • eafc279 Explicitly add a breaking change exemption for invalid CSS output (#2225)
  • b97f26f Add a per-importer cache for loads that aren't cacheable en masse (#2219)
  • 2a9eaad Implement access tracking for containingUrl (#2220)
  • 821b98e Don't cache canonicalize calls when `containingUrl` is available (#2215)
  • c5aff1b Make it possible to build npm with a linked language repo (#2214)
  • 1137797 Fix bulma and release 1.74.1 (#2210)
  • d9220d9 Complete implementation the deprecations API (#2207)
  • 783c248 Fix typo in function documentation (#2205)
  • c8d0643 Better handle filesystem importers when load paths aren't necessary (#2203)
  • 9302b35 Add support for nesting in plain CSS (#2198)
  • 772280a Support linux-riscv64 and windows-arm64 (#2201)
  • ce16b35 Cut a release (#2194)
  • 9af6bbf Properly handle `pkg:` imports with args (#2193)
  • 0330491 Update to node 20 (#2192)
  • 48e2d0c Preserve underscores in `VariableExpression.toString()` (#2185)
  • 6e2d637 Allow adjacent forward slashes in plain CSS expressions (#2190)
  • fa4d909 Bump softprops/action-gh-release from 1 to 2 (#2191)
  • fd67fe6 [Hotfix Node Package Importer]- Handle subpath without extensions (#2184)
  • 1b4d703 Release 1.71.1 (#2182)
  • 6d66c43 Properly handle `new NodePackageImporter()` with an ESM entrypoint (#2181)
  • 85a932f Add missing ESM export of NodePackageImporter (#2177)
  • 786dd63 Fix linux musl builds (#2175)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

See this package in npm:
sass

See this project in Snyk:
https://app.snyk.io/org/varmoh/project/7848b282-b31f-4eb0-9d3a-1ae43287e8c0?utm_source=github&utm_medium=referral&page=upgrade-pr