thgh / rollup-plugin-scss

Rollup and compile multiple .scss, .sass and .css imports
MIT License

High severity vulnerability #28

Closed ZaDarkSide closed 5 years ago

ZaDarkSide commented 5 years ago
  Package         tar                                                  
  Patched in      >=4.4.2                            
  Dependency of   rollup-plugin-scss [dev]     
  Path            rollup-plugin-scss > node-sass > node-gyp > tar
  More info       https://npmjs.com/advisories/803

A solution would be to update the node-sass version in package.json to the latest.

thgh commented 5 years ago

tar has been fixed, node-gyp has been fixed, node-sass is working on it: https://github.com/sass/node-sass/issues/2625

Updating package.json shows the same audit warning, so I will wait until node-sass is fixed.

web3devin commented 5 years ago

@thgh, this is no longer an issue, if you still want to close the issue.

thgh commented 5 years ago

Alrighty
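
The audit path in this thread (rollup-plugin-scss > node-sass > node-gyp > tar), checked programmatically: this is an added example, not part of the thread or the project's code, that walks an `npm ls --json`-style dependency tree and lists every path to a `tar` copy below the patched `>=4.4.2`. The tree and all versions in it are constructed for illustration, and `compareVersions` and `findVulnerablePaths` are hypothetical helper names.

```javascript
// Constructed sample in the shape of `npm ls --json` output. All versions are
// made up; only the tar threshold (>=4.4.2) comes from the advisory above.
const sampleTree = {
  name: "rollup-plugin-scss",
  version: "0.0.0",
  dependencies: {
    "node-sass": {
      version: "0.0.1",
      dependencies: {
        "node-gyp": {
          version: "0.0.2",
          dependencies: { tar: { version: "2.2.1" } }, // nested, unpatched copy
        },
      },
    },
    tar: { version: "4.4.2" }, // a patched copy elsewhere does not fix the nested one
  },
};

// Compare two "x.y.z" versions numerically; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect every dependency path ending in `pkg` whose version is below `patched`.
function findVulnerablePaths(tree, pkg, patched, trail = [tree.name]) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...trail, name];
    if (name === pkg && compareVersions(node.version, patched) < 0) {
      hits.push({ path: path.join(" > "), version: node.version });
    }
    hits.push(...findVulnerablePaths(node, pkg, patched, path));
  }
  return hits;
}

const findings = findVulnerablePaths(sampleTree, "tar", "4.4.2");
for (const f of findings) console.log(`${f.path} (tar@${f.version})`);
```

Against a real project, the input would be the parsed output of `npm ls --json`; the warning clears only once no path to an unpatched `tar` remains.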