Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Release Notes
sass/node-sass
### [`v5.0.0`](https://togithub.com/sass/node-sass/releases/v5.0.0)
[Compare Source](https://togithub.com/sass/node-sass/compare/v4.14.1...v5.0.0)
##### Breaking changes
- Only support LTS and current Node versions ([@nschonni](https://togithub.com/nschonni))
- Remove deprecated process.sass API ([@xzyfer](https://togithub.com/xzyfer), [#2986](https://togithub.com/sass/node-sass/issues/2986))
##### Features
- Add support for Node 15
- New node-gyp version that supports building with Python 3
##### Community
- More inclusive documentation ([@rgeerts](https://togithub.com/rgeerts), [#2944](https://togithub.com/sass/node-sass/issues/2944))
- Enabled dependabot ([@nschonni](https://togithub.com/nschonni))
- Improve release automation ([@nschonni](https://togithub.com/nschonni))
##### Fixes
- Bumped many dependencies ([@nschonni](https://togithub.com/nschonni))
#### Supported Environments
| OS | Architecture | Node |
| --- | --- | --- |
| Windows | x86 & x64 | 10, 12, 14, 15 |
| OSX | x64 | 10, 12, 14, 15 |
| Linux\* | x64 | 10, 12, 14, 15 |
| Alpine Linux | x64 | 10, 12, 14, 15 |
| FreeBSD | i386 amd64 | 10, 12, 14, 15 |
\*Linux support refers to major distributions like Ubuntu, and Debian
Configuration
📅 Schedule: "" in timezone America/Lima.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR contains the following updates:
~4.14.1
->~5.0.0
:warning: MAJOR MAJOR MAJOR :warning:
GitHub Vulnerability Alerts
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
Release Notes
sass/node-sass
### [`v5.0.0`](https://togithub.com/sass/node-sass/releases/v5.0.0) [Compare Source](https://togithub.com/sass/node-sass/compare/v4.14.1...v5.0.0) ##### Breaking changes - Only support LTS and current Node versions ([@nschonni](https://togithub.com/nschonni)) - Remove deprecated process.sass API ([@xzyfer](https://togithub.com/xzyfer), [#2986](https://togithub.com/sass/node-sass/issues/2986)) ##### Features - Add support for Node 15 - New node-gyp version that supports building with Python 3 ##### Community - More inclusive documentation ([@rgeerts](https://togithub.com/rgeerts), [#2944](https://togithub.com/sass/node-sass/issues/2944)) - Enabled dependabot ([@nschonni](https://togithub.com/nschonni)) - Improve release automation ([@nschonni](https://togithub.com/nschonni)) ##### Fixes - Bumped many dependencies ([@nschonni](https://togithub.com/nschonni)) #### Supported Environments | OS | Architecture | Node | | --- | --- | --- | | Windows | x86 & x64 | 10, 12, 14, 15 | | OSX | x64 | 10, 12, 14, 15 | | Linux\* | x64 | 10, 12, 14, 15 | | Alpine Linux | x64 | 10, 12, 14, 15 | | FreeBSD | i386 amd64 | 10, 12, 14, 15 | \*Linux support refers to major distributions like Ubuntu, and DebianConfiguration
📅 Schedule: "" in timezone America/Lima.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.