[Snyk] Upgrade sass from 1.45.1 to 1.58.3 #23

Merged
merged 1 commit into from
Mar 25, 2023

Woodpile37
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade sass from 1.45.1 to 1.58.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 44 versions ahead of your current version.
  • The recommended version was released a month ago, on 2023-02-18.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary Code Injection<br/>SNYK-JS-SERIALIZEJAVASCRIPT-570062 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Command Injection<br/>SNYK-JS-LODASH-1040724 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-LODASH-567746 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-LODASH-608086 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Cryptographic Issues<br/>SNYK-JS-ELLIPTIC-571484 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-ANSIREGEX-1583908 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Directory Traversal<br/>SNYK-JS-MOMENT-2440688 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-MOMENT-2944238 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-SSRI-1246392 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-SSRI-1246392 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Arbitrary File Overwrite<br/>SNYK-JS-TAR-1536528 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Arbitrary File Overwrite<br/>SNYK-JS-TAR-1536531 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-ANSIREGEX-1583908 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-INI-1048974 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-LOADERUTILS-3043105 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Arbitrary File Write<br/>SNYK-JS-TAR-1579147 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Arbitrary File Write<br/>SNYK-JS-TAR-1579152 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Arbitrary File Write<br/>SNYK-JS-TAR-1579155 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Denial of Service (DoS)<br/>SNYK-JS-DECODEURICOMPONENT-3149970 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-Y18N-1021887 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-MINIMIST-559764 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-LOADERUTILS-3105943 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-LODASH-1018905 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-BROWSERSLIST-1090194 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-CODEMIRROR-1016937 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-COLORSTRING-1082939 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-ISSVG-1085627 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-ISSVG-1243891 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-JSON5-3182856 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-LOADERUTILS-3042992 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-TERSER-2806366 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-POSTCSS-1090595 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-DOTPROP-543489 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Cryptographic Issues<br/>SNYK-JS-ELLIPTIC-1064899 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Timing Attack<br/>SNYK-JS-ELLIPTIC-511941 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-POSTCSS-1255640 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-MINIMATCH-3050818 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-CODEMIRROR-569611 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>SNYK-JS-TAR-1536758 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | No Known Exploit |
| | Prototype Pollution<br/>SNYK-JS-MINIMIST-2429795 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |
| | Prototype Pollution<br/>SNYK-JS-MINIMIST-2429795 | 706/1000<br/>Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sass
  • 1.58.3 - 2023-02-18

    To install Sass 1.58.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • No user-visible changes.

    See the full changelog for changes in earlier releases.

  • 1.58.2 - 2023-02-17
  • 1.58.1 - 2023-02-14
  • 1.58.0 - 2023-02-01
  • 1.57.1 - 2022-12-19
  • 1.57.0 - 2022-12-17
  • 1.56.2 - 2022-12-08
  • 1.56.1 - 2022-11-09
  • 1.56.0 - 2022-11-04
  • 1.55.0 - 2022-09-21
  • 1.54.9 - 2022-09-07
  • 1.54.8 - 2022-08-31
  • 1.54.7 - 2022-08-31
  • 1.54.6 - 2022-08-29
  • 1.54.5 - 2022-08-19
  • 1.54.4 - 2022-08-10
  • 1.54.3 - 2022-08-04
  • 1.54.2 - 2022-08-03
  • 1.54.1 - 2022-08-02
  • 1.54.0 - 2022-07-22
  • 1.53.0 - 2022-06-22
  • 1.52.3 - 2022-06-08
  • 1.52.2 - 2022-06-03
  • 1.52.1 - 2022-05-20
  • 1.52.0 - 2022-05-20
  • 1.51.0 - 2022-04-26
  • 1.50.1 - 2022-04-19
  • 1.50.0 - 2022-04-07
  • 1.49.11 - 2022-04-01
  • 1.49.10 - 2022-03-30
  • 1.49.9 - 2022-02-24
  • 1.49.8 - 2022-02-17
  • 1.49.7 - 2022-02-01
  • 1.49.6 - 2022-02-01
  • 1.49.5 - 2022-02-01
  • 1.49.4 - 2022-02-01
  • 1.49.3 - 2022-02-01
  • 1.49.2 - 2022-02-01
  • 1.49.1 - 2022-01-31
  • 1.49.0 - 2022-01-18
  • 1.48.0 - 2022-01-13
  • 1.47.0 - 2022-01-07
  • 1.46.0 - 2022-01-06
  • 1.45.2 - 2021-12-31
  • 1.45.1 - 2021-12-21
from sass GitHub release notes
Commit messages
Package name: sass
  • 620d8d3 Cut a release to include Fix npm release sass/embedded-host-node#206 (#1890)
  • c452388 Add timestamp to printed compile statement (#1876)
  • 13cc7d2 Improve the suggested replacements for unary minus in /-as-division (#1888)
  • c8b4cd0 Don't emit "deg" for hsl hues (#1885)
  • d2bc710 Update and lock sass_api version when releasing dart-sass-embedded (#1878)
  • 5eb66fc Fixes typos (#1879)
  • 6310dfb Update synchronization tests to verify the entire file (#1880)
  • 98fe9a4 Track dependencies through `meta.load-css()` with `--watch` (#1877)
  • 5a521b8 Add all CSS length units in known compatibilities (#1868)
  • 499965a Update CI Node versions to 18/16/14 (#1871)
  • 0006924 Fix escaped backslash crash (#1870)
  • 0248608 Return an error when using a custom property in a propset instead of crashing (#1874)
  • b98fa4f Fix an edge case in superselector computation (#1866)
  • 14c1634 Don't crash when parsing `+.` (#1865)
  • aceb1e8 Remove sourcemap comments from Sass sources (#1860)
  • 441be80 Delete dead code (#1864)
  • 5522c17 Run "dart pub upgrade" rather than "pub upgrade" (#1851)
  • 4349769 Create dependabot.yml (#1849)
  • 100f76f Implement string.split() (#1839)
  • 236b83f Delete dev dependency on Sass when releasing the embedded compiler (#1850)
  • 641d8e1 Be strict about whitespace in custom functions (#1848)
  • e87176a Add a factory method for creating host callable (#1829)
  • 790eb8a Update CHANGELOG for embedded-host-node fixes (#1828)
  • f3293db JS API: Validate that importer result 'contents' is a `string` and improve ArgumentError output (#1816)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Woodpile37 Woodpile37 merged commit 878b1c9 into master Mar 25, 2023
@Woodpile37 Woodpile37 deleted the snyk-upgrade-4cd39104f3e7144e1ea164b596c48623 branch March 25, 2023 00:30