Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade sass from 1.49.7 to 1.52.0 #154

Merged
merged 1 commit into from
Jun 14, 2022

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade sass from 1.49.7 to 1.52.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 8 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2022-05-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506
405/1000
Why? CVSS 8.1
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
405/1000
Why? CVSS 8.1
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
405/1000
Why? CVSS 8.1
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: sass
  • 1.52.0 - 2022-05-20

    To install Sass 1.52.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Add support for arbitrary modifiers at the end of plain CSS imports, in addition to the existing supports() and media queries. Sass now allows any sequence of identifiers of functions after the URL of an import for forwards compatibility with future additions to the CSS spec.

    • Fix an issue where source locations tracked through variable references could potentially become incorrect.

    • Fix a bug where a loud comment in the source can break the source map when embedding the sources, when using the command-line interface or the legacy JS API.

    JS API

    • SassNumber.assertUnit() and SassNumber.assertNoUnits() now correctly return the number called on when it passes the assertion.

    See the full changelog for changes in earlier releases.

  • 1.51.0 - 2022-04-26

    To install Sass 1.51.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    • Potentially breaking change: Change the order of maps returned by map.deep-merge() to match those returned by map.merge(). All keys that appeared in the first map will now be listed first in the same order they appeared in that map, followed by any new keys added from the second map.

    • Improve the string output of some AST nodes in error messages.

    See the full changelog for changes in earlier releases.

  • 1.50.1 - 2022-04-19

    To install Sass 1.50.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

    Changes

    Embedded Sass

    • The JS embedded host and the embedded compiler will now properly avoid resolving imports relative to the current working directory unless '.' is passed as a load path.

    • Fix a bug in the JS embedded host's implementation of the legacy JS API where imports that began with / could crash on Windows.

    See the full changelog for changes in earlier releases.

  • 1.50.0 - 2022-04-07
  • 1.49.11 - 2022-04-01
  • 1.49.10 - 2022-03-30
  • 1.49.9 - 2022-02-24
  • 1.49.8 - 2022-02-17
  • 1.49.7 - 2022-02-01
from sass GitHub release notes
Commit messages
Package name: sass

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@Loonz206 Loonz206 merged commit 324e0d9 into master Jun 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants