[Snyk] Upgrade sass from 1.26.3 to 1.53.0

[Manny27nyc]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sass from 1.26.3 to 1.53.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 86 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-06-22.

Release notes

Package name: sass

• 1.53.0 - 2022-06-22
  

  To install Sass 1.53.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  • Add support for calling var() with an empty second argument, such as var(--side, ).

  JS API

  • Fix a bug where meta.load-css() would sometimes resolve relative URLs incorrectly when called from a mixin using the legacy JS API.

  Embedded Sass

  • Respect npm's proxy settings when downloading the embedded Sass compiler.

  See the full changelog for changes in earlier releases.

• 1.52.3 - 2022-06-08
  

  To install Sass 1.52.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  • Fix crash when trailing loud comments (/* ... */) appear twice in a row across two different imports which themselves imported the same file each.

  See the full changelog for changes in earlier releases.

• 1.52.2 - 2022-06-03
  

  To install Sass 1.52.2, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  • Preserve location of trailing loud comments (/* ... */) instead of pushing the comment to the next line.

  See the full changelog for changes in earlier releases.

• 1.52.1 - 2022-05-20
  

  To install Sass 1.52.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  Command Line Interface

  • Fix a bug where --watch mode would close immediately in TTY mode. This was caused by our change to close --watch when stdin was closed outside of TTY mode, which has been reverted for now while we work on a fix.

  See the full changelog for changes in earlier releases.

• 1.52.0 - 2022-05-20
• 1.51.0 - 2022-04-26
• 1.50.1 - 2022-04-19
• 1.50.0 - 2022-04-07
• 1.49.11 - 2022-04-01
• 1.49.10 - 2022-03-30
• 1.49.9 - 2022-02-24
• 1.49.8 - 2022-02-17
• 1.49.7 - 2022-02-01
• 1.49.6 - 2022-02-01
• 1.49.5 - 2022-02-01
• 1.49.4 - 2022-02-01
• 1.49.3 - 2022-02-01
• 1.49.2 - 2022-02-01
• 1.49.1 - 2022-01-31
• 1.49.0 - 2022-01-18
• 1.48.0 - 2022-01-13
• 1.47.0 - 2022-01-07
• 1.46.0 - 2022-01-06
• 1.45.2 - 2021-12-31
• 1.45.1 - 2021-12-21
• 1.45.0 - 2021-12-10
• 1.45.0-rc.2 - 2021-12-02
• 1.45.0-rc.1 - 2021-11-30
• 1.44.0 - 2021-11-30
• 1.43.5 - 2021-11-24
• 1.43.4 - 2021-10-26
• 1.43.3 - 2021-10-21
• 1.43.2 - 2021-10-13
• 1.42.1 - 2021-09-22
• 1.42.0 - 2021-09-21
• 1.41.1 - 2021-09-16
• 1.41.0 - 2021-09-14
• 1.40.1 - 2021-09-14
• 1.40.0 - 2021-09-13
• 1.39.2 - 2021-09-10
• 1.39.1 - 2021-09-09
• 1.39.0 - 2021-09-02
• 1.38.2 - 2021-08-28
• 1.38.1 - 2021-08-23
• 1.38.0 - 2021-08-17
• 1.37.5 - 2021-08-04
• 1.37.4 - 2021-08-03
• 1.37.3 - 2021-08-03
• 1.37.2 - 2021-08-03
• 1.37.1 - 2021-08-02
• 1.37.0 - 2021-07-30
• 1.36.0 - 2021-07-23
• 1.35.2 - 2021-07-07
• 1.35.1 - 2021-06-15
• 1.35.0 - 2021-06-15
• 1.34.1 - 2021-06-02
• 1.34.0 - 2021-05-22
• 1.33.0 - 2021-05-21
• 1.32.13 - 2021-05-12
• 1.32.12 - 2021-04-28
• 1.32.11 - 2021-04-19
• 1.32.10 - 2021-04-16
• 1.32.9 - 2021-04-16
• 1.32.8 - 2021-02-18
• 1.32.7 - 2021-02-10
• 1.32.6 - 2021-02-01
• 1.32.5 - 2021-01-20
• 1.32.4 - 2021-01-12
• 1.32.3 - 2021-01-12
• 1.32.2 - 2021-01-07
• 1.32.1 - 2021-01-06
• 1.32.0 - 2020-12-30
• 1.30.0 - 2020-12-04
• 1.29.0 - 2020-11-05
• 1.28.0 - 2020-10-29
• 1.27.2 - 2020-10-29
• 1.27.1 - 2020-10-28
• 1.27.0 - 2020-10-08
• 1.26.12 - 2020-10-06
• 1.26.11 - 2020-09-18
• 1.26.10 - 2020-07-06
• 1.26.9 - 2020-06-22
• 1.26.8 - 2020-06-05
• 1.26.7 - 2020-05-29
• 1.26.6 - 2020-05-28
• 1.26.5 - 2020-04-24
• 1.26.3 - 2020-03-11

from sass GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[sonatype-lift]

Critical Vulnerability:

pkg:npm/sass@1.53.0

1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components

pkg:npm/glob-parent@5.1.1

CRITICAL Vulnerabilities (1)




[CVE-2020-28469] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

CVSS Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

---

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

---

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]