Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency node-sass to v7 [SECURITY] - abandoned #4

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Nov 16, 2020

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
node-sass ^4.5.0 -> ^7.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.


Release Notes

sass/node-sass

v7.0.0

Compare Source

Breaking changes
Features
Dependencies
Community
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 16
Community

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 15
  • New node-gyp version that supports building with Python 3
Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 10, 12, 14, 15
OSX x64 10, 12, 14, 15
Linux* x64 10, 12, 14, 15
Alpine Linux x64 10, 12, 14, 15
FreeBSD i386 amd64 10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v4.14.1

Compare Source

Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
Alpine Linux x64 6, 8, 10, 11, 12, 13, 14
FreeBSD i386 amd64 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+
** Not available on CentOS 5
^ Only available on x64

v4.14.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.12.0

v4.11.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.11.0

v4.10.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.10.0

v4.9.4

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.4

v4.9.3

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.3

v4.9.2

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.2

v4.9.1

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.1


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 714bab0 to 64c7a95 Compare November 29, 2020 01:44
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 87c5d9e to f36d6ea Compare January 4, 2021 23:42
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from f36d6ea to 7fe80b4 Compare January 10, 2021 01:10
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from dd106a5 to 551973c Compare February 10, 2021 13:55
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 551973c to 0cf1e03 Compare April 26, 2021 17:26
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 0cf1e03 to 429f53b Compare May 9, 2021 21:38
@renovate renovate bot changed the title Update dependency node-sass to v4.13.1 [SECURITY] Update dependency node-sass to v7 [SECURITY] Mar 7, 2022
@renovate renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 429f53b to dc2d423 Compare March 7, 2022 16:08
@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Copy link
Author

renovate bot commented Feb 4, 2024

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate bot changed the title Update dependency node-sass to v7 [SECURITY] Update dependency node-sass to v7 [SECURITY] - abandoned Feb 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant