Release Notes
sass/node-sass
### [`v7.0.0`](https://togithub.com/sass/node-sass/releases/v7.0.0)
[Compare Source](https://togithub.com/sass/node-sass/compare/v6.0.1...v7.0.0)
##### Breaking changes
- Drop support for Node 15 ([@nschonni](https://togithub.com/nschonni))
- Set `rejectUnauthorized` to `true` by default ([@scott-ut](https://togithub.com/scott-ut), [#3149](https://togithub.com/sass/node-sass/issues/3149))
##### Features
- Add support for Node 17 ([@nschonni](https://togithub.com/nschonni))
##### Dependencies
- Bump eslint from 7.32.0 to 8.0.0 ([@nschonni](https://togithub.com/nschonni), [#3191](https://togithub.com/sass/node-sass/issues/3191))
- Bump fs-extra from 0.30.0 to 10.0.0 ([@nschonni](https://togithub.com/nschonni), [#3102](https://togithub.com/sass/node-sass/issues/3102))
- Bump npmlog from 4.1.2 to 5.0.0 ([@nschonni](https://togithub.com/nschonni), [#3156](https://togithub.com/sass/node-sass/issues/3156))
- Bump chalk from 1.1.3 to 4.1.2 ([@nschonni](https://togithub.com/nschonni), [#3161](https://togithub.com/sass/node-sass/issues/3161))
##### Community
- Remove double word "support" from documentation ([@pzrq](https://togithub.com/pzrq), [#3159](https://togithub.com/sass/node-sass/issues/3159))
##### Misc
- Bump various GitHub Actions dependencies ([@nschonni](https://togithub.com/nschonni))
#### Supported Environments
| OS | Architecture | Node |
| --- | --- | --- |
| Windows | x86 & x64 | 12, 14, 16, 17 |
| OSX | x64 | 12, 14, 16, 17 |
| Linux\* | x64 | 12, 14, 16, 17 |
| Alpine Linux | x64 | 12, 14, 16, 17 |
| FreeBSD | i386 amd64 | 12, 14 |
\*Linux support refers to major distributions like Ubuntu, and Debian
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled due to failing status checks.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR contains the following updates:
6.0.1 -> 7.0.0
GitHub Vulnerability Alerts
CVE-2020-24025
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.
This PR has been generated by WhiteSource Renovate. View repository job log here.