[Snyk] Upgrade sass-loader from 7.3.1 to 13.0.2

[MarcelRaschke]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sass-loader from 7.3.1 to 13.0.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 34 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-06-27.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sass-loader

• 13.0.2 - 2022-06-27
• 13.0.1 - 2022-06-24
  

  13.0.1 (2022-06-24)

  Bug Fixes

  • optimize debug message formatting, #1065 (#1066) (49a578a)
• 13.0.0 - 2022-05-18
  

  13.0.0 (2022-05-18)

  ⚠ BREAKING CHANGES

  • minimum supported Node.js version is 14.15.0 (#1048)
  • emit @ warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

  Bug Fixes

  • do not crash on importers for modern API (#1052) (095814e)
  • do not store original sass error in webpack error(#1053) (06d7533)
• 12.6.0 - 2022-02-15
  

  12.6.0 (2022-02-15)

  Features

  • added support for automatic loading of sass-embedded (#1025) (c8dae87)
• 12.5.0 - 2022-02-14
  

  12.5.0 (2022-02-14)

  Features

  • added support for sass-embedded (faster than node-sass), feel free to feedback
  • added the api option (modern api is experimental and currently doesn't support built-in webpack resolver) (afbe114)
• 12.4.0 - 2021-12-07
  

  12.4.0 (2021-12-07)

  Features

  • add support for node-sass 7 (#1002) (be5cbc9)
• 12.3.0 - 2021-10-27
  

  12.3.0 (2021-10-27)

  Features

  • added the warnRuleAsWarning option, allows to emit a warning on the @ warn rule (#992) (c652c79)
  • use webpack logger to log sass messages (only for dart-sass), configure it using infrastructureLogging (#991) (bb7cef9)
• 12.2.0 - 2021-10-12
  

  12.2.0 (2021-10-12)

  Features

  • add link field in schema (#976) (1b453fb)
• 12.1.0 - 2021-06-10
  

  12.1.0 (2021-06-10)

  Features

  • allow String value for the implementation option (382a3ca)
• 12.0.0 - 2021-06-01
  

  12.0.0 (2021-06-01)

  ⚠ BREAKING CHANGES

  • minimum supported Node.js version is 12.13.0

  Bug Fixes

  • crash in custom importers with worker threads (#958) (67aa139)
  • resolving _index.import.scss/index.import.scss in packages (#906) (6641a16)
• 11.1.1 - 2021-05-13
• 11.1.0 - 2021-05-10
• 11.0.1 - 2021-02-08
• 11.0.0 - 2021-02-05
• 10.3.1 - 2022-07-06
• 10.3.0 - 2022-06-27
• 10.2.1 - 2022-01-14
  

  10.2.1 (2022-01-14)

  Bug Fixes

  • backported disabled auto importing fiber on node >= 16 (#1014) (f4234e4)
• 10.2.0 - 2021-05-10
• 10.1.1 - 2021-01-11
• 10.1.0 - 2020-11-11
• 10.0.5 - 2020-11-02
• 10.0.4 - 2020-10-22
• 10.0.3 - 2020-10-09
• 10.0.2 - 2020-09-03
• 10.0.1 - 2020-08-25
• 10.0.0 - 2020-08-24
• 10.0.0-rc.0 - 2020-08-24
• 9.0.3 - 2020-08-05
• 9.0.2 - 2020-07-07
• 9.0.1 - 2020-07-03
• 9.0.0 - 2020-07-02
• 8.0.2 - 2020-01-13
• 8.0.1 - 2020-01-10
• 8.0.0 - 2019-08-29
• 7.3.1 - 2019-08-20

from sass-loader GitHub release notes

Commit messages

Package name: sass-loader

• 86b81ea chore(release): 13.0.2
• 5e6a61b fix: hide error stacktrace on Sass errors (Cleanup: Use Proper Sass Syntax readthedocs/sphinx_rtd_theme#1069)
• 5f0658e docs: fix changelog
• 0cd9a7f chore(release): 13.0.1
• 49a578a fix: optimize debug message formatting, C++ API, lack of a space between return type and function name readthedocs/sphinx_rtd_theme#1065 (NPM: Update to version 7 readthedocs/sphinx_rtd_theme#1066)
• cb98ad5 docs: remove fibers package (Cleanup: Move Breadcrumbs to layout and clean up unused rules readthedocs/sphinx_rtd_theme#1059)
• f6e624a docs: update note in README.md (Fix Nav Buttons Size readthedocs/sphinx_rtd_theme#1067)
• 2e1822e chore: disable commit message length check (Cleanup: Remove wyrm specific icon sass readthedocs/sphinx_rtd_theme#1063)
• 8cd2b19 chore: update dependencies to the latest version (Duplicated access key of the prev and next buttons when prev_next_buttons_location == 'both' readthedocs/sphinx_rtd_theme#1057)
• 179ee31 docs: remove old badge (Migrate to bootstrap readthedocs/sphinx_rtd_theme#1055)
• 9714899 fix: ci (Fix aria label readthedocs/sphinx_rtd_theme#1056)
• 1d1b057 chore(release): 13.0.0
• 095814e fix: do not crash on importers for modern API (definition lists in  readthedocs/sphinx_rtd_theme#1052)
• 58ffb68 feat: emit `@ warning` as webpack warning (Support jupyter book theme options readthedocs/sphinx_rtd_theme#1054)
• 06d7533 fix: do not store original sass error in webpack error(Display of jshtml animations readthedocs/sphinx_rtd_theme#1053)
• 040a511 chore(deps): update (Respect tab order for prev/next buttons readthedocs/sphinx_rtd_theme#1051)
• 4762909 refactor!: minimum supported `Node.js` version is `14.15.0` (Update intersphinx urls readthedocs/sphinx_rtd_theme#1048)
• 7be1c1c chore: update github actions (Don't toggle terminal nodes readthedocs/sphinx_rtd_theme#1049)
• 39e68a9 ci: remove node v17 (Feature: Dynamic PDF Rendering readthedocs/sphinx_rtd_theme#1046)
• 2d565b2 chore: add node 18 (Feature: Mobile Optimized Codebocks + Language Interpretation readthedocs/sphinx_rtd_theme#1045)
• d7c05ef test: more (Nav links toggle format with each click readthedocs/sphinx_rtd_theme#1044)
• eec408f ci: don't install webpack again (#1043)
• 8e3cde0 chore(deps): bump minimist from 1.2.5 to 1.2.6 (Dyslexic Theme readthedocs/sphinx_rtd_theme#1041)
• bbb3cf2 refactor: replace deprecated String.prototype.substr() (Docs: fix typo readthedocs/sphinx_rtd_theme#1036)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs