Capgemini / mesos-ui

An alternative web UI for Apache Mesos, built with :heart: and React.JS
http://capgemini.github.io/devops/mesos-ui
MIT License

[Snyk] Security upgrade node-sass from 3.3.3 to 3.7.0 #122

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 550/1000. Why? Has a fix available, CVSS 6.5 | Out-of-Bounds, SNYK-JS-NODESASS-535498 | No | No Known Exploit |
| medium severity | 550/1000. Why? Has a fix available, CVSS 6.5 | NULL Pointer Dereference, SNYK-JS-NODESASS-535502 | No | No Known Exploit |
| high severity | 619/1000. Why? Has a fix available, CVSS 8.1 | Out-of-bounds Read, SNYK-JS-NODESASS-540956 | No | No Known Exploit |
| medium severity | 429/1000. Why? Has a fix available, CVSS 4.3 | Out-of-bounds Read, SNYK-JS-NODESASS-540958 | No | No Known Exploit |
| medium severity | 429/1000. Why? Has a fix available, CVSS 4.3 | Uncontrolled Recursion, SNYK-JS-NODESASS-540964 | No | No Known Exploit |
| high severity | 654/1000. Why? Has a fix available, CVSS 8.8 | NULL Pointer Dereference, SNYK-JS-NODESASS-540974 | No | No Known Exploit |
| medium severity | 539/1000. Why? Has a fix available, CVSS 6.5 | Denial of Service (DoS), SNYK-JS-NODESASS-540978 | No | No Known Exploit |
| medium severity | 539/1000. Why? Has a fix available, CVSS 6.5 | Denial of Service (DoS), SNYK-JS-NODESASS-540980 | No | No Known Exploit |
| medium severity | 539/1000. Why? Has a fix available, CVSS 6.5 | Out-of-bounds Read, SNYK-JS-NODESASS-540990 | No | No Known Exploit |
| medium severity | 429/1000. Why? Has a fix available, CVSS 4.3 | NULL Pointer Dereference, SNYK-JS-NODESASS-540992 | No | No Known Exploit |
| medium severity | 539/1000. Why? Has a fix available, CVSS 6.5 | NULL Pointer Dereference, SNYK-JS-NODESASS-540994 | No | No Known Exploit |
| high severity | 619/1000. Why? Has a fix available, CVSS 8.1 | Out-of-bounds Read, SNYK-JS-NODESASS-540996 | No | No Known Exploit |
| medium severity | 539/1000. Why? Has a fix available, CVSS 6.5 | Out-of-Bounds, SNYK-JS-NODESASS-540998 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-sass
The new version differs by 173 commits.
  • 9938557 v3.7.0
  • ca05f39 Attempt to fix AppVeyor tag race condition (#1519)
  • 6027012 v3.7.0
  • e1250eb Add Node 6 config to Travis (#1517)
  • 15fe42e Node 6 with AppVeyor: don't use subst for testing (#1514)
  • 0bc5da4 Simplify Node versions in Travis Ci (#1500)
  • b850684 Replace deprecated npmconf package. (#1492)
  • ff17933 Fix final Node 6 deprecation warnings (#1498)
  • b0e1e1b Add Node 6 as a supported runtime (#1499)
  • 9c71aef Update NAN to at least 2.3.2 (#1496)
  • 9de9a47 Remove .only in tests
  • c56f4a1 Add supported node versions to readme
  • b527e60 Improve error message for unsupported environments (#1491)
  • e232674 Replace TODO URL with release tab for supported versions (#1488)
  • a405400 v3.6.0
  • 3dcb6e2 Bump LibSass to 3.3.6 (#1476)
  • ca96aa7 Fix typo
  • a4a7aad v3.5.3
  • 03bd69e Revert "Replace "request" by "got""
  • 7e0c359 v3.5.2
  • 40aeee4 Revert removal on npmconf
  • d707218 Bump v3.5.1 because npm
  • a15f54c Merge pull request #1452 from saper/fix-build
  • 4f420a5 Use "double quotes" around the binding file name
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
