oaeproject / Biscuit-ux

Band new advanced modern shiny and experimental frontend for OAE
1 stars 3 forks source link

[Snyk] Security upgrade node-sass from 4.12.0 to 4.13.1 #59

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 715/1000
Why? Has a fix available, CVSS 9.8
Use After Free
SNYK-JS-NODESASS-535497
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: node-sass The new version differs by 24 commits.
  • b54053a Update changelog
  • 01db051 4.13.1
  • 338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
  • c6f2e5a doc: README example fix (#2787)
  • fbc9ff5 Merge pull request #2754 from saper/no-map-if-not-requested
  • 60fad5f 4.13.0
  • 43db915 Merge pull request #2768 from sass/release-4-13
  • 0c8d308 Update references for v4.13 release
  • f1cc0d3 Use GCC 6 for Node 12 binaries (#2767)
  • 3838eae Use GCC 6 for Node 12 binaries
  • e84c6a9 Merge pull request #2766 from saper/node-modules-79
  • 64b6f32 Node 13 support
  • 8498f70 Fix #2394: sourceMap option should have consistent behaviour
  • 8d0acca Merge pull request #2753 from schwigri/master
  • b0d4d85 Fix broken link to NodeJS docs in README.md
  • 887199a Merge pull request #2730 from kessenich/master
  • b1f54d7 Fix #2614 - Update lodash version
  • 96aa279 Merge pull request #2726 from XhmikosR/master-xmr-typos
  • 8421979 Assorted typo fixes.
  • 2513e6a chore: Remove PR template
  • 7ab387c Merge pull request #2673 from abetomo/remove_sudo_setting_from_travis
  • 15355dd Remove sudo settings from .travis.yml
  • 0c1a49e chore: Add not in PR template about node-gyp 4.0
  • e59f5ba chore: Change note about Node 12 support
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic