chore(deps): update dependency node-sass to v7 [security] #141

Closed
wants to merge 1 commit into from

svc-secops
Contributor

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| node-sass | 6.0.1 -> 7.0.0 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.


Improper Certificate Validation in node-sass

CVE-2020-24025 / GHSA-r8f7-9pfq-mjmv

Details

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

sass/node-sass (node-sass)

v7.0.0

Breaking changes
Features
Dependencies
Community
Misc

Supported Environments

| OS | Architecture | Node |
|---|---|---|
| Windows | x86 & x64 | 12, 14, 16, 17 |
| OSX | x64 | 12, 14, 16, 17 |
| Linux* | x64 | 12, 14, 16, 17 |
| Alpine Linux | x64 | 12, 14, 16, 17 |
| FreeBSD | i386 amd64 | 12, 14 |

*Linux support refers to major distributions like Ubuntu and Debian


Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - "after 8am and before 4pm on tuesday" in timezone Etc/UTC.

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@calvincestari
Member

Superseded by #151.

@calvincestari calvincestari deleted the renovate/npm-node-sass-vulnerability branch November 20, 2023 19:32