[Snyk] Fix for 1 vulnerabilities

[micahlmartin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-sass

The new version differs by 250 commits.

• d707218 Bump v3.5.1 because npm
• a15f54c Merge pull request #1452 from saper/fix-build
• 4f420a5 Use "double quotes" around the binding file name
• 99ea434 Actually check if the binary exists.
• 1e4bba8 v3.5.0: Filter branch for appveyor
• 8e09b74 Merge pull request #1450 from xzyfer/feat/release/3.5.0
• 6519cdf v3.5.0
• ef7a272 Merge pull request #1449 from xzyfer/feat/binary-error
• 211f312 Log the error when there is a problem with the binary
• ec48be4 Bump LibSass 3.3.5
• 5df330d Bump LibSass 3.3.5
• 9c6933f Merge pull request #1435 from xzyfer/fix/binary-verification
• 0fa5e5e Fix a regression in binary verification
• 7c24716 Merge pull request #1430 from xzyfer/feat/process-sass-deprecation-warning
• adb6166 Ouptut a deprecation warning to stdout when using process.sass
• d76923b Merge pull request #1428 from xzyfer/feat/better-binary-error-messages
• cf87e0b Better error messages for missing binaries
• 41db8b9 Merge pull request #1427 from xzyfer/feat/remove-process-sass
• 90b6939 Polyfill process.sass
• 22c560c Remove use of global process.sass
• b0df78d Merge pull request #1424 from xzyfer/feat/importer-docs-return-null
• 02eee94 Update custom importer documentation to advocate returning `null`
• 09bf80c Merge pull request #1390 from eoneill/customFunctionsContext
• 5b2862e Merge pull request #1423 from xzyfer/feat/dont-ignore-vendor-folder

See the full diff

Package name: sass-graph

The new version differs by 19 commits.

• 4f14b49 Update changelog for 2.1.0
• 42e8ba7 2.1.0
• dba9119 Update lodash to 4.0.0
• c0c8c25 Add NodeJS 4 and 5 to Travis CI
• 904c20c Merge pull request Looking for a maintainer for this repo webpack-contrib/sass-loader#34 from niksy/skip-directory-with-extensions
• 8fc73db Don’t treat directory with extension as file
• ef9980a 2.0.1
• 2c54856 Merge pull request preventing duplicated imports webpack-contrib/sass-loader#30 from pleunv/master
• 9fd59fa Fix broken tests on Windows due to different file separators
• f6c63ba 2.0.0
• 18ffeb5 Merge pull request move node-sass to peerDependencies? webpack-contrib/sass-loader#28 from xzyfer/release/2.0.0
• 410c85d Minor cleanup
• 6c9c996 Update lodash@^3.8.0
• f79387a Update glob@^5.0.5
• 2d240de Update readme for 2.0.0
• 1647dd7 Update changelog for 2.0.0
• b3321f6 Prioritize cwd when resolving load paths
• bef22a0 Allow file extensions to be configurable
• ed52c7e Refactor CLI

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution