Skip to content

[Snyk] Security upgrade gulp-sass from 1.3.3 to 3.0.0#15

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-2ea691ad8b50741f492e4ea348b2807b
Open

[Snyk] Security upgrade gulp-sass from 1.3.3 to 3.0.0#15
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-2ea691ad8b50741f492e4ea348b2807b

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Out-of-bounds Read
SNYK-JS-NODESASS-535501
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-sass The new version differs by 160 commits.
  • 0d2a2bf 3.0.0
  • 251fbc8 Bump node-sass@v4.0.0
  • 218560f 2.3.2
  • 568b13b Merge pull request #509 from xzyfer/fix/option-leakage
  • 035b759 Prevent options leaking between compilations
  • 05f4cdf Merge pull request #490 from xzyfer/feat/bump-some-deps
  • ef6fa52 Bump some deps
  • cfee756 Allow the buggy node-sass@3.4.2 to be used
  • ebb66e8 v2.3.1
  • f049f68 Merge pull request #474 from xzyfer/feat/fix-include-paths
  • 1d72ed3 Restore includePaths logic
  • 439035f Merge pull request #468 from xzyfer/feat/node-sass/3.5.0
  • ae029bf Update to node-sass@3.5.1 stable
  • 74d6a1a Merge pull request #353 from eoneill/master
  • fa90705 Merge pull request #441 from cheapsteak/patch-2
  • 2068290 Update Readme to clarify that `data` is not passed to node-sass
  • 06dd57a Merge pull request #437 from xzyfer/feat/node-sass-beta
  • 9609cfe Prepare 2.3.0-beta.1 with node-sass@3.5.0-beta.1
  • 67874cb Merge pull request #436 from dlmanning/fix/sourcemap-tests
  • 3150325 Fix failing sourcemaps tests
  • 1888f35 2.2.0
  • cc1bca6 Merge pull request #408 from Keats/master
  • 52fba69 Merge pull request #420 from jlgeering/error-msg-unformatted
  • 847a2d3 Merge pull request #417 from ajschlosser/master

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODESASS-535501
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant