Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

v4.11.0 and v4.12.0 binaries say using libsass 3.5.4 instead of 3.5.5 #2621

Closed
narve opened this issue Apr 2, 2019 · 4 comments · Fixed by #2769, Madis0/madis0.github.io#5, behnejad/quera#8, HarryMaher/harrymaher.github.io#14 or Zemhart/project_UAS_PHP#16
Closed

v4.11.0 and v4.12.0 binaries say using libsass 3.5.4 instead of 3.5.5 #2621

narve opened this issue Apr 2, 2019 · 4 comments · Fixed by #2769, Madis0/madis0.github.io#5, behnejad/quera#8, HarryMaher/harrymaher.github.io#14 or Zemhart/project_UAS_PHP#16
Labels
Bug - Confirmed Module - Binding

Comments

@narve
Copy link

narve commented Apr 2, 2019
edited
Loading

What the title says... at least for me, after doing a clean install of node-sass:

> npx node-sass --version
node-sass       4.11.0  (Wrapper)       [JavaScript]
libsass         3.5.4   (Sass Compiler) [C/C++]
> npm --version 
6.4.1
> node --version
v11.2.0

Please release a new version with 3.5.5 (or later) due to security vulnerabilities.

And at a minimum the documentation should be updated to state the version it actually uses.

If needed I can try to submit a PR.

(Windows 10 Enterprise, vr 10.0.16299, 64bit)
@saifali96
Copy link

Thanks @narve same here, I just checked as well. My security vulnerability scanners are crying since yesterday under CVE-2018-11693.

@wesgro
Copy link

wesgro commented May 15, 2019

4.12 still references 3.5.4

@hoona
Copy link

hoona commented May 20, 2019

Same here, 4.12 referencing libsass 3.5.4, triggering vulnerabilities and making our security folks unhappy.

@saper saper changed the title Vr 4.11 says it has upgraded libsass to 3.5.5 but it actually uses 3.5.4 v4.11.0 and v4.12.0 binaries say using libsass 3.5.4 instead of 3.5.5 Oct 17, 2019
@saper
Copy link
Member

saper commented Oct 17, 2019

From what I see only the version number did not get updated. The code is really using libsass 3.5.5.

saper added a commit to saper/node-sass that referenced this issue Oct 23, 2019
@saper
Fix sass#2621: Report libsass 3.5.5
6f8966b
@saper saper mentioned this issue Oct 23, 2019
Merged
@saper saper mentioned this issue Jan 31, 2020
Closed
xzyfer pushed a commit that referenced this issue Apr 22, 2020
@saper
Fix #2621: Report libsass version 3.5.5 (#2769)
1210aab
This was referenced Apr 26, 2020
Merged
Merged
Closed
Merged
Open
@snyk-bot snyk-bot mentioned this issue May 7, 2020
Merged
This was referenced Mar 9, 2021
Open
Closed
Merged
Open
Open
Open
Open
Open
Merged
Closed
Open
Merged
This was referenced Mar 15, 2021
Open
Open
Open
Open
Merged
Open
Open
Open
Open
Closed
Open
Merged
Open
Open
Open
Merged
Merged
@JustinZeyeum JustinZeyeum mentioned this issue Jun 6, 2024
Open
@keiserjb keiserjb mentioned this issue Jun 18, 2024
Open
@sebastianthulin sebastianthulin mentioned this issue Nov 6, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Bug - Confirmed Module - Binding
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix #2621: Report libsass version 3.5.5 saper/node-sass
Bump node-sass from 4.12.0 to 4.14.1 Madis0/madis0.github.io
Bump node-sass from 4.9.3 to 4.14.1 in /technology-21226 behnejad/quera
Bump node-sass from 4.11.0 to 4.14.1 in /date-ideas HarryMaher/harrymaher.github.io
Bump node-sass from 4.5.2 to 4.14.1 Zemhart/project_UAS_PHP
Bump node-sass from 4.9.0 to 4.14.1 in /Angular/WeatherAPI/WatherAPI ManspergerMichael/Coding-Dojo-MEAN
Bump node-sass from 4.13.0 to 4.14.1 in /plugins/bc-admin-third/__assets baserproject/ucmitz
Bump node-sass from 4.9.3 to 4.14.1 in /todo-app sylhare/Angular
Bump node-sass from 4.12.0 to 4.14.1 Kroshka-Shi/531323-nerds
Bump node-sass from 4.10.0 to 4.14.1 in /Librerias-CSS-JS/imagehover.io-(IMG-Hover)/imagehover.css-master joseantonio098/Practicas-Frontend-Web
5 participants
@narve @saper @wesgro @hoona @saifali96