Skip to content

Update dependency node-sass to v7 [SECURITY]#20

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-node-sass-vulnerability
Open

Update dependency node-sass to v7 [SECURITY]#20
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-node-sass-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Mar 7, 2022

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
node-sass 4.14.17.0.0 age confidence

Improper Certificate Validation in node-sass

CVE-2020-24025 / GHSA-r8f7-9pfq-mjmv

More information

Details

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

sass/node-sass (node-sass)

v7.0.0

Compare Source

Breaking changes
Features
Dependencies
Community
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 16, 17
OSX x64 12, 14, 16, 17
Linux* x64 12, 14, 16, 17
Alpine Linux x64 12, 14, 16, 17
FreeBSD i386 amd64 12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies
Misc

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 16
Community

Supported Environments

OS Architecture Node
Windows x86 & x64 12, 14, 15, 16
OSX x64 12, 14, 15, 16
Linux* x64 12, 14, 15, 16
Alpine Linux x64 12, 14, 15, 16
FreeBSD i386 amd64 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes
Features
  • Add support for Node 15
  • New node-gyp version that supports building with Python 3
Community
Fixes

Supported Environments

OS Architecture Node
Windows x86 & x64 10, 12, 14, 15
OSX x64 10, 12, 14, 15
Linux* x64 10, 12, 14, 15
Alpine Linux x64 10, 12, 14, 15
FreeBSD i386 amd64 10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from 68a740a to 78d9395 Compare September 25, 2022 12:11
@renovate renovate Bot changed the title Update dependency node-sass to v7 [SECURITY] Update dependency node-sass to v7 [SECURITY] - autoclosed Feb 24, 2024
@renovate renovate Bot closed this Feb 24, 2024
@renovate renovate Bot deleted the renovate/npm-node-sass-vulnerability branch February 24, 2024 07:46
@renovate renovate Bot changed the title Update dependency node-sass to v7 [SECURITY] - autoclosed Update dependency node-sass to v7 [SECURITY] Feb 24, 2024
@renovate renovate Bot reopened this Feb 24, 2024
@renovate renovate Bot restored the renovate/npm-node-sass-vulnerability branch February 24, 2024 09:34
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from 78d9395 to 580a121 Compare February 24, 2024 09:34
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from 580a121 to f92236f Compare August 10, 2025 12:37
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from f92236f to fb63a9e Compare September 25, 2025 16:29
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from fb63a9e to 29dc230 Compare October 21, 2025 14:44
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from 29dc230 to 12d0a53 Compare January 19, 2026 17:46
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from b994d69 to 0575b94 Compare February 17, 2026 16:38
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from 0575b94 to 2bc05d7 Compare March 5, 2026 19:54
@renovate renovate Bot changed the title Update dependency node-sass to v7 [SECURITY] Update dependency node-sass to v7 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-node-sass-vulnerability branch March 27, 2026 01:54
@renovate renovate Bot changed the title Update dependency node-sass to v7 [SECURITY] - autoclosed Update dependency node-sass to v7 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 2bc05d7 to b98e9a5 Compare March 30, 2026 22:13
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from b98e9a5 to 584df4c Compare April 29, 2026 20:13
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from 584df4c to 51c7314 Compare May 12, 2026 12:32
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch 2 times, most recently from 395374d to da019f6 Compare June 1, 2026 19:49
@renovate renovate Bot force-pushed the renovate/npm-node-sass-vulnerability branch from da019f6 to 0b2fb09 Compare June 11, 2026 20:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants