[VULNERABILITY] 4 Moderate Severity Vulnerabilities in node-sass dependency

[njwest]

Node sass dependency has to be upgraded once node-gyp + node-sass are updated, as the node-gyp > .. > hoek dependency adds four vulnerabilities to this project.

The pending node-gyp merge that (allegedly) fixes this issue: nodejs/node-gyp#1492

NPM audit output:

                       === npm audit security report ===                        
                                                                                
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
│ Moderate      │ Prototype pollution                                          │
│ Package       │ hoek                                                         │
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
│ Dependency of │ node-sass [dev]                                              │
│ Path          │ node-sass > node-gyp > request > hawk > boom > hoek          │
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
│ Moderate      │ Prototype pollution                                          │
│ Package       │ hoek                                                         │
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
│ Dependency of │ node-sass [dev]                                              │
│ Path          │ node-sass > node-gyp > request > hawk > cryptiles > boom >   │
│               │ hoek                                                         │
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
│ Package       │ hoek                                                         │
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
│ Dependency of │ node-sass [dev]                                              │
│ Path          │ node-sass > node-gyp > request > hawk > hoek                 │
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate      │ Prototype pollution                                          │
│ Package       │ hoek                                                         │
│ Patched in    │ > 4.2.0 < 5.0.0 || >= 5.0.3                                  │
│ Dependency of │ node-sass [dev]                                              │
│ Path          │ node-sass > node-gyp > request > hawk > sntp > hoek          │
│ More info     │ https://nodesecurity.io/advisories/566                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 4 moderate severity vulnerabilities in 38385 scanned packages
  4 vulnerabilities require manual review. See the full report for details.

[woothu]

This vulnerability have been fixed