[CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x

ananzh · ananzh · commit 52dbc78e4b84 · 2023-02-17T21:30:36.000Z
Bump node-sass to 7.0.3 and sass-loader to 10.4.1 Issue Resolved: #1067 #1842 Signed-off-by: Anan Zhuang <ananzh@amazon.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [CVE-2022-25860] Bump simple-git from 3.15.1 to 3.16.0 ([#3345](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3345))
 - [CVE-2020-36632] [REQUIRES PLUGIN VALIDATION] Bump flat from 4.1.1 to 5.0.2 ([#3419](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3419)). To the best of our knowledge, this is a non-breaking change, but if your plugin relies on `mocha` tests, validate that they still work correctly (and plan to migrate them to `jest` [in preparation for `mocha` deprecation](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/1572).
 - [CVE-2023-25166] Bump formula from 3.0.0 to 3.0.1 ([#3416](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3416))
+- [CVE-2022-25758][CVE-2020-24025] Bump node-sass to 7.0.3 and sass-loader to 10.4.1 in 2.x ([#3455](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/3455))
 
 ### 📈 Features/Enhancements
 
diff --git a/package.json b/package.json
@@ -88,6 +88,7 @@
     "**/loader-utils": "^2.0.4",
     "**/node-jose": "^2.1.0",
     "**/nth-check": "^2.0.1",
+    "**/sass-loader": "^10.4.1",
     "**/trim": "^0.0.3",
     "**/typescript": "4.0.2",
     "**/unset-value": "^2.0.1",
@@ -190,6 +191,7 @@
     "mustache": "^2.3.2",
     "node-fetch": "^2.6.7",
     "node-forge": "^1.3.0",
+    "node-sass": "^7.0.3",
     "p-map": "^4.0.0",
     "pegjs": "0.10.0",
     "proxy-from-env": "1.0.0",
diff --git a/packages/osd-optimizer/package.json b/packages/osd-optimizer/package.json
@@ -29,7 +29,6 @@
     "js-yaml": "^3.14.0",
     "json-stable-stringify": "^1.0.1",
     "lmdb-store": "^1.6.11",
-    "node-sass": "^6.0.1",
     "normalize-path": "^3.0.0",
     "pirates": "^4.0.1",
     "postcss": "^8.4.5",
diff --git a/packages/osd-ui-framework/package.json b/packages/osd-ui-framework/package.json
@@ -30,7 +30,6 @@
     "grunt-babel": "^8.0.0",
     "grunt-contrib-clean": "^2.0.0",
     "grunt-contrib-copy": "^1.0.0",
-    "node-sass": "^6.0.1",
     "postcss": "^8.4.5",
     "sinon": "^7.4.2"
   }
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,6 @@`
`30`	`30`	`"grunt-babel": "^8.0.0",`
`31`	`31`	`"grunt-contrib-clean": "^2.0.0",`
`32`	`32`	`"grunt-contrib-copy": "^1.0.0",`
`33`		`- "node-sass": "^6.0.1",`
`34`	`33`	`"postcss": "^8.4.5",`
`35`	`34`	`"sinon": "^7.4.2"`
`36`	`35`	`}`