webpack-contrib / sass-loader

Compiles Sass to CSS
MIT License

Vulnerability in scss-tokenizer via sass-graph #1223

Closed StephenTG closed 1 month ago

StephenTG commented 1 month ago

There's a High severity vulnerability in scss-tokenizer (see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25758), which is included in this project via sass-graph.

evenstensberg commented 1 month ago

Could you send a PR to scss-tokenizer and update the dep here?

StephenTG commented 1 month ago

Looks like there's been a PR for almost 2 years for this: https://github.com/sasstools/scss-tokenizer/pull/50

evenstensberg commented 1 month ago

Last commit was 2 years ago, so I don't think we will be able to fix this.

StephenTG commented 1 month ago

sass-graph has a similar lack of recent updates; is there an alternative for that which could be used?

evenstensberg commented 1 month ago

I've contacted the maintainer of scss-tokenizer, so I will await what he answers.

alexander-akait commented 1 month ago

Sorry, we can't fix it here; also, node-sass is deprecated, so please migrate to sass (dart) or sass-embedded.