Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade sass from 1.49.9 to 1.50.0 #2

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented May 5, 2022

Snyk has created this PR to upgrade sass from 1.49.9 to 1.50.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-04-07.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Remote Code Execution (RCE)
SNYK-JS-EJS-2803307
798/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1
Proof of Concept
Prototype Pollution
SNYK-JS-ASYNC-2441827
798/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sass
  • 1.50.0 - 2022-04-07

    To install Sass 1.50.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • @ extend now treats :where() the same as :is().

    Command Line Interface

    • Closing the standard input stream will now cause the --watch command to stop running.

    Embedded Sass

    • Fix a bug where the JS embedded host crashed when invoking a legacy importer after resolving a relative filesystem import.

    • Improve error messages when returning non-Object values from legacy importers.

    See the full changelog for changes in earlier releases.

  • 1.49.11 - 2022-04-01

    To install Sass 1.49.11, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Add support for 64-bit ARM releases on Linux.

    Embedded Sass

    • The embedded compiler now correctly sets the id field for all OutboundMessages.

    See the full changelog for changes in earlier releases.

  • 1.49.10 - 2022-03-30

    To install Sass 1.49.10, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Quiet deps mode now silences compiler warnings in mixins and functions that are defined in dependencies even if they're invoked from application stylesheets.

    • In expanded mode, Sass will now emit colors using rgb(), rbga(), hsl(), and hsla() function notation if they were defined using the corresponding notation. As per our browser support policy, this change was only done once 95% of browsers were confirmed to support this output format, and so is not considered a breaking change.

      Note that this output format is intended for human readability and not for interoperability with other tools. As always, Sass targets the CSS specification, and any tool that consumes Sass's output should parse all colors that are supported by the CSS spec.

    • Fix a bug in which a color written using the four- or eight-digit hex format could be emitted as a hex color rather than a format with higher browser compatibility.

    • Calculations are no longer simplified within supports declarations

    See the full changelog for changes in earlier releases.

  • 1.49.9 - 2022-02-24
from sass GitHub release notes
Commit messages
Package name: sass

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant