Vulnerability found in npm audit

maoberlehner / node-sass-magic-importer

Custom node-sass importer for selector specific imports, module importing, globbing support and importing files only once.

MIT License

292 stars 28 forks source link

Vulnerability found in npm audit #238

Open amortiz opened 3 years ago

amortiz commented 3 years ago

Npm audit reports 4 high vulnerabilities (all from same single import), found in latest 5.3.2 node-sass-magic-importer version

High            Prototype Pollution in set-value
Package         set-value
Patched in      >=4.0.1
Dependency of   node-sass-magic-importer [dev]
Path            node-sass-magic-importer > findup-sync > micromatch >
                  snapdragon > base > cache-base > set-value
More info       https://github.com/advisories/GHSA-4jqc-8m5r-9rpr