Snyk has created this PR to upgrade sass from 1.32.8 to 1.34.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 8 versions ahead of your current version.
The recommended version was released 22 days ago, on 2021-06-02.
To install Sass 1.34.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Don't emit the same warning in the same location multiple times.
Cap deprecation warnings at 5 per feature by default.
Command Line Interface
Add a --quiet-deps flag which silences compiler warnings from stylesheets loaded through --load-paths.
Add a --verbose flag which causes the compiler to emit all deprecation warnings, not just 5 per feature.
Dart API
Add a quietDeps argument to compile(), compileString(), compileAsync(), and compileStringAsync() which silences compiler warnings from stylesheets loaded through importers, load paths, and package: URLs.
Add a verbose argument to compile(), compileString(), compileAsync(), and compileStringAsync() which causes the compiler to emit all deprecation warnings, not just 5 per feature.
To install Sass 1.33.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Deprecate the use of / for division. The new math.div() function should be used instead. See this page for details.
Add a list.slash() function that returns a slash-separated list.
Potentially breaking bug fix: The heuristics around when potentially slash-separated numbers are converted to slash-free numbers—for example, when 1/2 will be printed as 0.5 rather than 1/2—have been slightly expanded. Previously, a number would be made slash-free if it was passed as an argument to a user-defined function, but not to a built-in function. Now it will be made slash-free in both cases. This is a behavioral change, but it's unlikely to affect any real-world stylesheets.
Fix a bug where non-integer numbers that were very close to integer values would be incorrectly formatted in CSS.
Fix a bug where very small number and very large negative numbers would be incorrectly formatted in CSS.
JS API
The this context for importers now has a fromImport field, which is true if the importer is being invoked from an @ import and false otherwise. Importers should only use this to determine whether to load import-only files.
Dart API
Add an Importer.fromImport getter, which is true if the current Importer.canonicalize() call comes from an @ import rule and false otherwise. Importers should only use this to determine whether to load import-only files.
To install Sass 1.32.13, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Potentially breaking bug fix: Null values in @ use and @ forward configurations no longer override the !default variable, matching the behavior of the equivalent code using @ import.
Use the proper parameter names in error messages about string.slice
To install Sass 1.32.12, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Fix a bug that disallowed more than one module from extending the same selector from a module if that selector itself extended a selector from another upstream module.
To install Sass 1.32.9, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Fix a typo in a deprecation warning.
JavaScript API
Drop support for Chokidar 2.x. This version was incompatible with Node 14, but due to shortcomings in npm's version resolver sometimes still ended up installed anyway. Only declaring support for 3.0.0 should ensure compatibility going forward.
Dart API
Allow the null safety release of args and watcher.
Snyk has created this PR to upgrade sass from 1.32.8 to 1.34.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SSRI-1085630
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SSRI-1246392
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-SSRI-1085630
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-DNSPACKET-1293563
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-WS-1296835
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-POSTCSS-1255640
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-POSTCSS-1090595
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-PATHPARSE-1077067
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ISSVG-1243891
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ISSVG-1085627
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-HOSTEDGITINFO-1088355
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-COLORSTRING-1082939
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-BROWSERSLIST-1090194
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: sass
To install Sass 1.34.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Fix a bug where
--update
would always compile any file that depends on a built-in module.Fix the URL for the
@-moz-document
deprecation message.Fix a bug with
@ for
loops nested inside property declarations.See the full changelog for changes in earlier releases.
To install Sass 1.34.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Don't emit the same warning in the same location multiple times.
Cap deprecation warnings at 5 per feature by default.
Command Line Interface
Add a
--quiet-deps
flag which silences compiler warnings from stylesheets loaded through--load-path
s.Add a
--verbose
flag which causes the compiler to emit all deprecation warnings, not just 5 per feature.Dart API
Add a
quietDeps
argument tocompile()
,compileString()
,compileAsync()
, andcompileStringAsync()
which silences compiler warnings from stylesheets loaded through importers, load paths, andpackage:
URLs.Add a
verbose
argument tocompile()
,compileString()
,compileAsync()
, andcompileStringAsync()
which causes the compiler to emit all deprecation warnings, not just 5 per feature.See the full changelog for changes in earlier releases.
To install Sass 1.33.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
/
for division. The newmath.div()
function should be used instead. See this page for details.Add a
list.slash()
function that returns a slash-separated list.Potentially breaking bug fix: The heuristics around when potentially slash-separated numbers are converted to slash-free numbers—for example, when
1/2
will be printed as0.5
rather than1/2
—have been slightly expanded. Previously, a number would be made slash-free if it was passed as an argument to a user-defined function, but not to a built-in function. Now it will be made slash-free in both cases. This is a behavioral change, but it's unlikely to affect any real-world stylesheets.:is()
now behaves identically to:matches()
.Fix a bug where non-integer numbers that were very close to integer values would be incorrectly formatted in CSS.
Fix a bug where very small number and very large negative numbers would be incorrectly formatted in CSS.
JS API
this
context for importers now has afromImport
field, which istrue
if the importer is being invoked from an@ import
andfalse
otherwise. Importers should only use this to determine whether to load import-only files.Dart API
Importer.fromImport
getter, which istrue
if the currentImporter.canonicalize()
call comes from an@ import
rule andfalse
otherwise. Importers should only use this to determine whether to load import-only files.See the full changelog for changes in earlier releases.
To install Sass 1.32.13, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
Potentially breaking bug fix: Null values in
@ use
and@ forward
configurations no longer override the!default
variable, matching the behavior of the equivalent code using@ import
.Use the proper parameter names in error messages about
string.slice
See the full changelog for changes in earlier releases.
To install Sass 1.32.12, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
See the full changelog for changes in earlier releases.
To install Sass 1.32.11, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
See the full changelog for changes in earlier releases.
To install Sass 1.32.10, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
See the full changelog for changes in earlier releases.
To install Sass 1.32.9, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes
JavaScript API
Dart API
Command Line Interface
-w
shorthand for the--watch
flag.See the full changelog for changes in earlier releases.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs