Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 2 vulnerabilities #13

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change
medium severity Denial of Service (DoS)
SNYK-JS-NODESASS-540982
Yes
high severity Out-of-bounds Read
SNYK-JS-NODESASS-540986
Yes
Commit messages
Package name: node-sass The new version differs by 191 commits.
  • dfe1f05 Update changelog
  • 8319be2 4.11.0
  • 7929c32 Merge pull request #2543 from sass/libsass-subtreee
  • ea9ffd6 Update sass-spec devDependency to use commit hash
  • a6aab24 Remove call to removed sass_option_push_import_extension
  • f06781d Merge commit '912301673420cdd8fbc1efcd09037206539915ee' as 'src/libsass'
  • 9123016 Squashed 'src/libsass/' content from commit 39e30874
  • 688d654 Remove committed src/libsass
  • 9b7015c Update changelog
  • c65a1bf 4.10.0
  • c73e2fc feat: Add detecton for Node 11 (module 67)
  • 0c31dc2 build: Use GCC 4.9 for Travis Node 10 and 11
  • f74e9cd Update .travis.yml
  • 97849b2 Add Node 11 to TravisCI
  • 4aa3982 Add Node 11 to AppVeyor
  • 746759c Upgrade request package to v.2.88
  • cdf24f2 4.9.3
  • ff64b09 fix: bump node-gyp for hoek fix
  • 33e8b36 Typo: verion -> version
  • 60d9ae9 chore: Remove Travis Gitter hook (#2453)
  • ecfcab0 4.9.2
  • 57c8b59 Stop telling people to run npm rebuild with --force
  • cba089d Remove custom issue template
  • 240e8da 4.9.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant