Update dependency node-sass to v7 [SECURITY] by renovate[bot] · Pull Request #52 · Jonic/sonicpi-samples

renovate · 2021-04-26T13:33:13Z

This PR contains the following updates:

Package	Change	Age	Confidence
node-sass	`4.12.0` → `7.0.0`

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Release Notes

sass/node-sass (node-sass)

`v7.0.0`

Compare Source

Breaking changes

Drop support for Node 15 (@nschonni)
Set rejectUnauthorized to true by default (@scott-ut, #3149)

Features

Add support for Node 17 (@nschonni)

Dependencies

Bump eslint from 7.32.0 to 8.0.0 (@nschonni, #3191)
Bump fs-extra from 0.30.0 to 10.0.0 (@nschonni, #3102)
Bump npmlog from 4.1.2 to 5.0.0 (@nschonni, #3156)
Bump chalk from 1.1.3 to 4.1.2 (@nschonni, #3161)

Community

Remove double word "support" from documentation (@pzrq, #3159)

Misc

Bump various GitHub Actions dependencies (@nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 16, 17
OSX	x64	12, 14, 16, 17
Linux*	x64	12, 14, 16, 17
Alpine Linux	x64	12, 14, 16, 17
FreeBSD	i386 amd64	12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

`v6.0.1`

Compare Source

Dependencies

Remove mkdirp (@jimmywarting, #3108)
Bump meow to 9.0.0 (@ykolbin, #3125)
Bump mocha to 9.0.1 (@xzyfer, #3134)

Misc

Use default Apline version from docker-node (@nschonni, #3121)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 15, 16
OSX	x64	12, 14, 15, 16
Linux*	x64	12, 14, 15, 16
Alpine Linux	x64	12, 14, 15, 16
FreeBSD	i386 amd64	12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

`v6.0.0`

Compare Source

Breaking changes

Drop support for Node 10 (@nschonni)
Remove deprecated process.sass API (@xzyfer, #2986)

Features

Add support for Node 16

Community

Fix typos in Troubleshooting guide (@independencyinjection, #3051)
Improve dependabot configuration (@nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 15, 16
OSX	x64	12, 14, 15, 16
Linux*	x64	12, 14, 15, 16
Alpine Linux	x64	12, 14, 15, 16
FreeBSD	i386 amd64	12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

`v5.0.0`

Compare Source

Breaking changes

Only support LTS and current Node versions (@nschonni)
Remove deprecated process.sass API (@xzyfer, #2986)

Features

Add support for Node 15
New node-gyp version that supports building with Python 3

Community

More inclusive documentation (@rgeerts, #2944)
Enabled dependabot (@nschonni)
Improve release automation (@nschonni)

Fixes

Bumped many dependencies (@nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	10, 12, 14, 15
OSX	x64	10, 12, 14, 15
Linux*	x64	10, 12, 14, 15
Alpine Linux	x64	10, 12, 14, 15
FreeBSD	i386 amd64	10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

`v4.14.1`

Compare Source

Community

Add GitHub Actions for Alpine CI (@nschonni, #2823)

Fixes

Bump sass-graph@2.2.5 (@xzyfer, #2912)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10^, 11^, 12^, 13^, 14**^
Alpine Linux	x64	6, 8, 10, 11, 12, 13, 14
FreeBSD	i386 amd64	10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+
** Not available on CentOS 5
^ Only available on x64

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 29c5cfc to cb3a55a Compare October 19, 2021 00:15

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from cb3a55a to 302b7d7 Compare March 7, 2022 11:52

renovate bot changed the title ~~Update dependency node-sass to v4.13.1 [SECURITY]~~ Update dependency node-sass to v7.0.0 [SECURITY] Mar 7, 2022

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 302b7d7 to 59058bc Compare March 26, 2022 13:18

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 59058bc to 7b88955 Compare April 25, 2022 02:35

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 3a120c3 to 7ee426a Compare June 23, 2022 23:43

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 7ee426a to 4998fac Compare September 25, 2022 22:20

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 4998fac to d8345e9 Compare November 20, 2022 10:50

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from d8345e9 to 0706305 Compare March 16, 2023 06:40

renovate bot changed the title ~~Update dependency node-sass to v7.0.0 [SECURITY]~~ Update dependency node-sass to v7 [SECURITY] Mar 24, 2023

renovate bot changed the title ~~Update dependency node-sass to v7 [SECURITY]~~ Update dependency node-sass to v7 [SECURITY] - autoclosed Dec 8, 2024

renovate bot closed this Dec 8, 2024

renovate bot deleted the renovate/npm-node-sass-vulnerability branch December 8, 2024 18:58

renovate bot changed the title ~~Update dependency node-sass to v7 [SECURITY] - autoclosed~~ Update dependency node-sass to v7 [SECURITY] Dec 8, 2024

renovate bot reopened this Dec 8, 2024

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 0f1ab8e to 0706305 Compare December 8, 2024 23:52

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 0706305 to 5aa1543 Compare August 10, 2025 14:59

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 5aa1543 to 061f5bc Compare December 3, 2025 18:51

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 061f5bc to 38ab656 Compare February 2, 2026 18:06

Update dependency node-sass to v7 [SECURITY]

38a4cc9

renovate bot force-pushed the renovate/npm-node-sass-vulnerability branch from 38ab656 to 38a4cc9 Compare February 12, 2026 10:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency node-sass to v7 [SECURITY]#52

Update dependency node-sass to v7 [SECURITY]#52
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-node-sass-vulnerability

renovate bot commented Apr 26, 2021 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate bot commented Apr 26, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Recommendation

Release Notes

Breaking changes

Features

Dependencies

Community

Misc

Supported Environments

Dependencies

Misc

Supported Environments

Breaking changes

Features

Community

Supported Environments

Breaking changes

Features

Community

Fixes

Supported Environments

Community

Fixes

Supported Environments

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Apr 26, 2021 •

edited

Loading