[Snyk] Upgrade sass from 1.45.0 to 1.71.1 #2301

Balantion2020 · 2024-03-28T18:25:51Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sass from 1.45.0 to 1.71.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 80 versions ahead of your current version.
The recommended version was released a month ago, on 2024-02-21.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	375/1000 Why? CVSS 7.5	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	375/1000 Why? CVSS 7.5	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536531	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	375/1000 Why? CVSS 7.5	No Known Exploit
Directory Traversal SNYK-JS-MOMENT-2440688	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	375/1000 Why? CVSS 7.5	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-2407770	375/1000 Why? CVSS 7.5	Proof of Concept
Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	375/1000 Why? CVSS 7.5	Proof of Concept
Open Redirect SNYK-JS-URLPARSE-1533425	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	375/1000 Why? CVSS 7.5	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	375/1000 Why? CVSS 7.5	Proof of Concept
Command Injection SNYK-JS-NODENOTIFIER-1035794	375/1000 Why? CVSS 7.5	No Known Exploit
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	375/1000 Why? CVSS 7.5	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	375/1000 Why? CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	375/1000 Why? CVSS 7.5	Proof of Concept
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit
Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	375/1000 Why? CVSS 7.5	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	375/1000 Why? CVSS 7.5	Proof of Concept
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-EVENTSOURCE-2823375	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-101-1292345	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	375/1000 Why? CVSS 7.5	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	375/1000 Why? CVSS 7.5	No Known Exploit
Information Exposure SNYK-JS-NANOID-2332193	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	375/1000 Why? CVSS 7.5	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sass

1.71.1 - 2024-02-21
To install Sass 1.71.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface
- Ship the musl Linux release with the proper Dart executable.
JavaScript API
- Export the NodePackageImporter class in ESM mode.
- Allow NodePackageImporter to locate a default directory even when the entrypoint is an ESM module.
Dart API
- Make passing a null argument to NodePackageImporter() a static error rather than just a runtime error.
Embedded Sass
- In the JS Embedded Host, properly install the musl Linux embedded compiler when running on musl Linux.
See the full changelog for changes in earlier releases.
1.71.0 - 2024-02-16
To install Sass 1.71.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

For more information about pkg: importers, see the announcement on the Sass blog.

Command-Line Interface
- Add a --pkg-importer flag to enable built-in pkg: importers. Currently this only supports the Node.js package resolution algorithm, via --pkg-importer=node. For example, @ use "pkg:bootstrap" will load node_modules/bootstrap/scss/bootstrap.scss.
JavaScript API
- Add a NodePackageImporter importer that can be passed to the importers option. This loads files using the pkg: URL scheme according to the Node.js package resolution algorithm. For example, @ use "pkg:bootstrap" will load node_modules/bootstrap/scss/bootstrap.scss. The constructor takes a single optional argument, which indicates the base directory to use when locating node_modules directories. It defaults to path.dirname(require.main.filename).
Dart API
- Add a NodePackageImporter importer that can be passed to the importers option. This loads files using the pkg: URL scheme according to the Node.js package resolution algorithm. For example, @ use "pkg:bootstrap" will load node_modules/bootstrap/scss/bootstrap.scss. The constructor takes a single argument, which indicates the base directory to use when locating node_modules directories.
See the full changelog for changes in earlier releases.
1.70.0 - 2024-01-18
To install Sass 1.70.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

JavaScript API
- Add a sass.initCompiler() function that returns a sass.Compiler object which supports compile() and compileString() methods with the same API as the global Sass object. On the Node.js embedded host, each sass.Compiler object uses a single long-lived subprocess, making compiling multiple stylesheets much more efficient.
- Add a sass.initAsyncCompiler() function that returns a sass.AsyncCompiler object which supports compileAsync() and compileStringAsync() methods with the same API as the global Sass object. On the Node.js embedded host, each sass.AsynCompiler object uses a single long-lived subprocess, making compiling multiple stylesheets much more efficient.
Embedded Sass
- Support the CompileRequest.silent field. This allows compilations with no logging to avoid unnecessary request/response cycles.
- The Dart Sass embedded compiler now reports its name as "dart-sass" rather than "Dart Sass", to match the JS API's info field.
See the full changelog for changes in earlier releases.
1.69.7 - 2024-01-02
To install Sass 1.69.7, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Embedded Sass
- In the JS Embedded Host, properly install the x64 Dart Sass executable on ARM64 Windows.
See the full changelog for changes in earlier releases.
1.69.6 - 2023-12-28
1.69.5 - 2023-10-26
1.69.4 - 2023-10-17
1.69.3 - 2023-10-12
1.69.2 - 2023-10-10
1.69.1 - 2023-10-09
1.69.0 - 2023-10-05
1.68.0 - 2023-09-21
1.67.0 - 2023-09-14
1.66.1 - 2023-08-18
1.66.0 - 2023-08-17
1.65.1 - 2023-08-09
1.65.0 - 2023-08-09
1.64.2 - 2023-07-31
1.64.1 - 2023-07-22
1.64.0 - 2023-07-20
1.63.6 - 2023-06-21
1.63.5 - 2023-06-21
1.63.4 - 2023-06-14
1.63.3 - 2023-06-09
1.63.2 - 2023-06-08
1.63.1 - 2023-06-08
1.63.0 - 2023-06-07
1.62.1 - 2023-04-25
1.62.0 - 2023-04-11
1.61.0 - 2023-04-06
1.60.0 - 2023-03-23
1.59.3 - 2023-03-14
1.59.2 - 2023-03-11
1.59.1 - 2023-03-10
1.59.0 - 2023-03-10
1.58.3 - 2023-02-18
1.58.2 - 2023-02-17
1.58.1 - 2023-02-14
1.58.0 - 2023-02-01
1.57.1 - 2022-12-19
1.57.0 - 2022-12-17
1.56.2 - 2022-12-08
1.56.1 - 2022-11-09
1.56.0 - 2022-11-04
1.55.0 - 2022-09-21
1.54.9 - 2022-09-07
1.54.8 - 2022-08-31
1.54.7 - 2022-08-31
1.54.6 - 2022-08-29
1.54.5 - 2022-08-19
1.54.4 - 2022-08-10
1.54.3 - 2022-08-04
1.54.2 - 2022-08-03
1.54.1 - 2022-08-02
1.54.0 - 2022-07-22
1.53.0 - 2022-06-22
1.52.3 - 2022-06-08
1.52.2 - 2022-06-03
1.52.1 - 2022-05-20
1.52.0 - 2022-05-20
1.51.0 - 2022-04-26
1.50.1 - 2022-04-19
1.50.0 - 2022-04-07
1.49.11 - 2022-04-01
1.49.10 - 2022-03-30
1.49.9 - 2022-02-24
1.49.8 - 2022-02-17
1.49.7 - 2022-02-01
1.49.6 - 2022-02-01
1.49.5 - 2022-02-01
1.49.4 - 2022-02-01
1.49.3 - 2022-02-01
1.49.2 - 2022-02-01
1.49.1 - 2022-01-31
1.49.0 - 2022-01-18
1.48.0 - 2022-01-13
1.47.0 - 2022-01-07
1.46.0 - 2022-01-06
1.45.2 - 2021-12-31
1.45.1 - 2021-12-21
1.45.0 - 2021-12-10

from sass GitHub release notes

Commit messages

Package name: sass

1b4d703 Release 1.71.1 ([Snyk] Upgrade @docusaurus/core from 2.0.0-beta.0 to 2.4.3 #2182)
6d66c43 Properly handle `new NodePackageImporter()` with an ESM entrypoint ([Snyk] Upgrade @docusaurus/preset-classic from 2.0.0-beta.0 to 2.4.3 #2181)
85a932f Add missing ESM export of NodePackageImporter ([Snyk] Upgrade eslint-plugin-react from 7.23.2 to 7.33.2 #2177)
786dd63 Fix linux musl builds ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2175)
3e6721e Fix new static warnings with Dart 3.3 ([Snyk] Upgrade @types/node from 16.11.12 to 16.18.77 #2173)
2cab33e Update the language revision in Homebrew on release ([Snyk] Upgrade @docusaurus/preset-classic from 2.0.0-beta.0 to 2.4.3 #2171)
84ededd Use musl support in cli_pkg ([Snyk] Upgrade eslint-plugin-react from 7.23.2 to 7.33.2 #2172)
00571ec Add a `--pkg-importer` flag ([Snyk] Upgrade @docusaurus/core from 2.0.0-beta.0 to 2.4.3 #2169)
84f31f0 Update pubspec/changelog for `pkg:` importers ([Snyk] Upgrade eslint-plugin-react from 7.23.2 to 7.33.2 #2168)
9ee5408 [Package Importer] Dart Implementation ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2130)
9423aa5 Use macos-14 runner instead of macos-latest-xlarge runner ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2167)
bbf97b4 Remove the sass dependency from package.json ([Snyk] Upgrade @docusaurus/core from 2.0.0-beta.0 to 2.4.3 #2162)
076414d [Shared Resources] dart-sass implementation ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2134)
0d91c92 Support CompileRequest.silent of embedded protocol ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2160)
b263a72 Use implementation name dart-sass for VersionResponse ([Snyk] Upgrade @docusaurus/core from 2.0.0-beta.0 to 2.4.3 #2156)
006baa5 Update the pubspec and changelog for Correct usage on win32-on-arm64 platforms to look for x64 native variant sass/embedded-host-node#266 ([Snyk] Upgrade @docusaurus/preset-classic from 2.0.0-beta.0 to 2.4.3 #2158)
6205eac Add wait time before update website ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2153)
f3c7be5 Make meta.apply() an AsyncBuiltInCallable ([Snyk] Upgrade @docusaurus/core from 2.0.0-beta.0 to 2.4.3 #2152)
1fc740d Upload releases for musl-libc and android ([Snyk] Upgrade eslint-plugin-react from 7.23.2 to 7.33.2 #2149)
6f665c1 Escape unprintable 0x7F (delete control character) ([Snyk] Upgrade @docusaurus/preset-classic from 2.0.0-beta.0 to 2.4.3 #2144)
f5dab76 Bump dartdoc from 7.0.2 to 8.0.2 ([Snyk] Upgrade @types/node from 16.11.12 to 16.18.74 #2146)
4daf0b4 Escape non-US-ASCII characters in `SassException.toCssString()` ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2143)
cd798bf Improve inspect() output for complex units ([Snyk] Upgrade @docusaurus/theme-search-algolia from 2.0.0-beta.0 to 2.4.3 #2138)
bd80c58 Make LazyFileSpans work in JavaScript ([Snyk] Upgrade @docusaurus/core from 2.0.0-beta.0 to 2.4.3 #2142)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade sass from 1.45.0 to 1.71.1. See this package in npm: https://www.npmjs.com/package/sass See this project in Snyk: https://app.snyk.io/org/balantion2020/project/1e315226-8cb0-4e84-8a6d-7b37a28c42cb?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade sass from 1.45.0 to 1.71.1 #2301

[Snyk] Upgrade sass from 1.45.0 to 1.71.1 #2301

Balantion2020 commented Mar 28, 2024

Changes

Command-Line Interface

JavaScript API

Dart API

Embedded Sass

Changes

Command-Line Interface

JavaScript API

Dart API

Changes

JavaScript API

Embedded Sass

Changes

Embedded Sass

[Snyk] Upgrade sass from 1.45.0 to 1.71.1 #2301

Are you sure you want to change the base?

[Snyk] Upgrade sass from 1.45.0 to 1.71.1 #2301

Conversation

Balantion2020 commented Mar 28, 2024

Snyk has created this PR to upgrade sass from 1.45.0 to 1.71.1.

Changes

Command-Line Interface

JavaScript API

Dart API

Embedded Sass

Changes

Command-Line Interface

JavaScript API

Dart API

Changes

JavaScript API

Embedded Sass

Changes

Embedded Sass