[Snyk] Upgrade sass from 1.63.3 to 1.63.6 #419

tristanrobert · 2023-07-13T14:40:56Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sass from 1.63.3 to 1.63.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 22 days ago, on 2023-06-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sass

1.63.6 - 2023-06-21
To install Sass 1.63.6, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

JavaScript API
- Fix import sass from 'sass' again after it was broken in the last release.
Embedded Sass
- Fix the exports declaration in package.json.
See the full changelog for changes in earlier releases.
1.63.5 - 2023-06-21
To install Sass 1.63.5, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

JavaScript API
- Fix a bug where loading the package through both CJS require() and ESM import could crash on Node.js.
Embedded Sass
- Fix a deadlock when running at high concurrency on 32-bit systems.
- Fix a race condition where the embedded compiler could deadlock or crash if a compilation ID was reused immediately after the compilation completed.
See the full changelog for changes in earlier releases.
1.63.4 - 2023-06-14
To install Sass 1.63.4, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

JavaScript API
- Re-enable support for import sass from 'sass' when loading the package from an ESM module in Node.js. However, this syntax is now deprecated; ESM users should use import * as sass from 'sass' instead.
  
  On the browser and other ESM-only platforms, only import * as sass from 'sass' is supported.
- Properly export the legacy API values TRUE, FALSE, NULL, and types from the ECMAScript module API.
Embedded Sass
- Fix a race condition where closing standard input while requests are in-flight could sometimes cause the process to hang rather than shutting down gracefully.
- Properly include the root stylesheet's URL in the set of loaded URLs when it fails to parse.
See the full changelog for changes in earlier releases.
1.63.3 - 2023-06-09
To install Sass 1.63.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

JavaScript API
- Fix loading Sass as an ECMAScript module on Node.js.
See the full changelog for changes in earlier releases.

from sass GitHub release notes

Commit messages

Package name: sass

658eb70 Cut a release (#2025)
b4e8a74 Use the new import name for the ESM default export (#2026)
a48ced8 Fix a race condition with re-used compilation isolate IDs (#2018)
62f29c8 Update README: npm package does not support --embedded flag (#2022)
cb4b442 Add a changelog entry for Fix double-loading packages on npm google/dart_cli_pkg#132 (#2020)
c41d52a Bump protobuf and protoc_plugin (#2021)
3fce74c Update README: install with brew on macOS or Linux (#2012)
b11840e Limit pool size (#2019)
e34a0c7 Cut a release (#2016)
3de612e Re-enable support for default exports (#2009)
ce58d87 Add missing ESM exports (#2010)
aa59a5f Fix race condition between spawning and killing isolates during shutdown (#2007)
760fa2e Add current stylesheet to loadedUrls when throwing parsing error (#1991)