Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

4.13.1 vulnerabilities #2826

Closed
clement-fleury-assoconnect opened this issue Jan 22, 2020 · 5 comments
Closed

4.13.1 vulnerabilities #2826

clement-fleury-assoconnect opened this issue Jan 22, 2020 · 5 comments

Comments

@clement-fleury-assoconnect
Copy link

clement-fleury-assoconnect commented Jan 22, 2020
edited
Loading

There are 16 active vulnerabilities referenced in Snyk : https://snyk.io/test/npm/node-sass/4.13.1
And there are 0 referenced in GitHub : https://github.com/sass/node-sass/security/advisories

These should be fixed ASAP, or contact Snyk to close them if they are false positives.
@adamsbloom
Copy link

Is there anyone looking at upgrading the version of the libsass binary in node-sass to >=3.6.9? I believe that might resolve the Snyk vulnerabilities.

@nschonni
Copy link
Contributor

Libsass Upgrade is being tracked in #2685

@Janaka-Steph
Copy link

Are those vulnerabilities can affect a production web app already compiled?

@xzyfer
Copy link
Contributor

xzyfer commented Feb 19, 2020

@Janaka-Steph these only affect people compiling Sass as a web service. It does not affect compiling Sass code as a CLI and build pipeline.

@Janaka-Steph
Copy link

Janaka-Steph commented Feb 19, 2020
edited
Loading

Alright thank you! Snyk should mention that.

jiongle1 pushed a commit to scantist-ossops-m2/node-sass that referenced this issue Apr 7, 2024
@glebm
Fix inspect for quoted strings
e53c7f8 
Tests: sass/sass-spec#1381
Fixes sass#2826
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@xzyfer @nschonni @Janaka-Steph @adamsbloom @clement-fleury-assoconnect