Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability in node-sass > sass-graph > yargs > yargs-parser #2912

Closed
stefano-pietroiusti opened this issue May 1, 2020 · 4 comments · Fixed by #2915
Closed

Vulnerability in node-sass > sass-graph > yargs > yargs-parser #2912

stefano-pietroiusti opened this issue May 1, 2020 · 4 comments · Fixed by #2915

Comments

@stefano-pietroiusti
Copy link

stefano-pietroiusti commented May 1, 2020

After npm install --save-dev node-sass sass-loader

  • "node-sass": "^4.14.0",
    
  • "sass-loader": "^8.0.2"
    

Get this report:
Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of node-sass [dev]

Path node-sass > sass-graph > yargs > yargs-parser

More info https://npmjs.com/advisories/1500

@andrewphillipo

This comment has been minimized.

@rafaeljosem

This comment has been minimized.

xzyfer added a commit that referenced this issue May 4, 2020
This release fixes #2912 without breaking BC. See xzyfer/sass-graph#110
@wdews-charter

This comment has been minimized.

@xzyfer
Copy link
Contributor

xzyfer commented May 4, 2020

Fixed in v4.14.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants