Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

@nx/webpack > sass-loader version too old #26935

Closed
vergilfromadyen opened this issue Jul 15, 2024 · 1 comment
Closed

@nx/webpack > sass-loader version too old #26935

vergilfromadyen opened this issue Jul 15, 2024 · 1 comment
Assignees
@ndcunningham
Labels
scope: bundlers Issues related to webpack, rollup stale type: bug

Comments

@vergilfromadyen
Copy link
Contributor

vergilfromadyen commented Jul 15, 2024
edited
Loading

@nx/webpack uses sass-loader@^12.2.0 which is 3 years old. It includes node-sass as a peerDependency and since some npm 7+ installs peerDependencies by default, this leads to some pretty old software with several vulnerabilities getting auto-installed.

node-sass has the following vulnerabilities reported:

The fix would be to update sass-loader to a recent version (14.2.1), and while the breaking changes are pretty small, I'm not sure how NX wants to handle them which is why I haven't opened a PR. That said, here is a cumulative list of breaking changes between v12 and v14:
@FrozenPandaz FrozenPandaz added the scope: bundlers Issues related to webpack, rollup label Jul 16, 2024
ndcunningham added a commit that referenced this issue Oct 16, 2024
@ndcunningham
fix(core): update sass-loader
2afa663 
BREAKING CHANGE: Node.js version 18.12.0

closed #26935
@ndcunningham ndcunningham mentioned this issue Oct 16, 2024
Closed
ndcunningham added a commit that referenced this issue Oct 16, 2024
@ndcunningham
fix(core): update sass-loader
28ceba4 
BREAKING CHANGE: Node.js version 18.12.0

closed #26935
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it hasn't had any activity for 6 months.
Many things may have changed within this time. The issue may have already been fixed or it may not be relevant anymore.
If at this point, this is still an issue, please respond with updated information.
It will be closed in 21 days if no further activity occurs.
Thanks for being a part of the Nx community! 🙏

@github-actions github-actions bot added the stale label Jan 13, 2025
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ndcunningham ndcunningham

Labels
scope: bundlers Issues related to webpack, rollup stale type: bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(core): update sass-loader nrwl/nx
3 participants
@ndcunningham @FrozenPandaz @vergilfromadyen