Skip to content

[Snyk] Security upgrade gulp-sass from 1.3.3 to 2.0.0#18

Open
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-910eec9addaed08138c8bf556c781d08
Open

[Snyk] Security upgrade gulp-sass from 1.3.3 to 2.0.0#18
snyk-bot wants to merge 1 commit into
masterfrom
snyk-fix-910eec9addaed08138c8bf556c781d08

Conversation

@snyk-bot

Copy link
Copy Markdown

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
NULL Pointer Dereference
SNYK-JS-NODESASS-535502
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Denial of Service (DoS)
SNYK-JS-NODESASS-540980
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Out-of-bounds Read
SNYK-JS-NODESASS-540990
Yes Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
NULL Pointer Dereference
SNYK-JS-NODESASS-540994
Yes No Known Exploit
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Out-of-bounds Read
SNYK-JS-NODESASS-540996
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp-sass The new version differs by 65 commits.
  • ee03918 Merge pull request #254 from dlmanning/2.x
  • 598d16f Merge pull request #248 from Snugug/feature/contributing
  • dec985f Merge pull request #253 from Snugug/feature/3.0-bump
  • c033adf ⬆️ Update Node Sass to 3.0
  • 083e6bc 🔥 Remove reference to branch
  • e072993 🔥 Remove Branching Model section
  • ee07858 🎨 Update formatting of CHANGELOG entry
  • 299c18f 📝 Add Contributing guidelines
  • 33aa1f7 Merge pull request #238 from sarenji/2.x
  • 2b21a49 Update to node-sass beta 7
  • c1d629c Allow you to change the compiler and expose it
  • cc2f815 bump node-sass to 3.0.0-beta.4
  • 9b69aaa Merge pull request #228 from Snugug/2.x-datastream
  • b7ade97 Indented Syntax support
  • ad6e6e4 Tests for file rename and file contents change
  • 0fefd16 Updated vars and includePaths based on comments
  • 700ca8d Merge pull request #222 from Keats/filename
  • 5b8d4eb Nope, shouldn't be , should be file name
  • 4c4c3c1 A little bit of source map massaging
  • bea198e Updated Tests
  • 3cdf1a3 Passing file as data
  • 5c7777f Rebase on top of 2.x
  • de6af93 Add a sass file to the inheritance test
  • 25ee16f Replace indent.sass to match an existing issue

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant