Skip to content
This repository has been archived by the owner on Nov 20, 2023. It is now read-only.

vulnerability in node dependency #15

Closed
etsauer opened this issue May 1, 2018 · 2 comments
Closed

vulnerability in node dependency #15

etsauer opened this issue May 1, 2018 · 2 comments
Labels
bug wontfix
Milestone
vNext

Comments

@etsauer
Copy link
Contributor

etsauer commented May 1, 2018

@rdebeasi the suggested resolution below is quite a bit newer than what we have in our package.json. can we upgrade?

uncontained-vulnerability
@rdebeasi
Copy link
Contributor

rdebeasi commented May 7, 2018

Looks like this is a problem with node-sass v4, which is a dependency of the gulp-sass package that we're using. The problem has been fixed in v5.

We'll probably need to wait for the node-sass folks to either release v5 or backport the fix to v4. The good news is that this dependency is used only when building the theme, so the impact of the vulnerability is most likely limited.

@etsauer etsauer added the bug label May 24, 2018
@rdebeasi rdebeasi added this to the vNext milestone Jul 13, 2018
@stale
Copy link

stale bot commented Jan 14, 2020

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@stale stale bot added the wontfix label Jan 14, 2020
@stale stale bot closed this as completed Jan 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug wontfix
Projects
None yet
Milestone
vNext
Development

No branches or pull requests
2 participants
@rdebeasi @etsauer