department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

(HIGH) - Regular expression denial of service in scss-tokenizer #80582

Open pjhill opened 4 months ago

pjhill commented 4 months ago

Description

https://github.com/department-of-veterans-affairs/vets-website/security/dependabot/55

Acceptance Criteria

pjhill commented 4 months ago

The latest version of node-sass that we can upgrade to without upgrading node is 4.14.1, which is what we are already running.

pjhill commented 4 months ago

Essentially, this one is blocked by the node upgrade.