@YoutacRandS-VA
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade node-sass from 4.13.1 to 9.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2023-05-20.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Arbitrary File Overwrite SNYK-JS-TAR-1536531 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579147 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579152 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Arbitrary File Write SNYK-JS-TAR-1579155 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Arbitrary File Overwrite SNYK-JS-TAR-1536528 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Prototype Pollution SNYK-JS-MINIMIST-559764 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Improper Certificate Validation SNYK-JS-NODESASS-1059081 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 | 624/1000 (Why? Has a fix available, CVSS 8.2) | No Known Exploit |
| | Prototype Pollution SNYK-JS-MINIMIST-2429795 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |
| | Prototype Pollution SNYK-JS-MINIMIST-2429795 | 624/1000 (Why? Has a fix available, CVSS 8.2) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: node-sass
  • 9.0.0 - 2023-05-20

    What's Changed

    Breaking changes

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 16, 18, 19, 20 |
    | OSX | x64 | 16, 18, 19, 20 |
    | Linux* | x64 | 16, 18, 19, 20 |
    | Alpine Linux | x64 | 16, 18, 19, 20 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 8.0.0 - 2022-11-09

    What's Changed

    Breaking changes

    • Drop support for Node 12 (@ nschonni)
    • Drop support for Node 17 (@ nschonni)
    • Set rejectUnauthorized to true by default (@ scott-ut, #3149)

    Features

    Dependencies

    • Bump true-case-path@2.2.1
    • Bump node-gyp @ 9.0.0
    • Bump nan@^2.17.0
    • Bump sass-graph@^4.0.1

    Misc

    • Bump various GitHub Actions dependencies (@ nschonni)

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 14, 16, 18, 19 |
    | OSX | x64 | 14, 16, 18, 19 |
    | Linux* | x64 | 14, 16, 18, 19 |
    | Alpine Linux | x64 | 14, 16, 18, 19 |
    | FreeBSD | i386 amd64 | 12, 14 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 7.0.3 - 2022-09-08

    Dependencies

    • Bump sass-graph from 4.0.0 to ^4.0.1

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 12, 14, 16, 17 |
    | OSX | x64 | 12, 14, 16, 17 |
    | Linux* | x64 | 12, 14, 16, 17 |
    | Alpine Linux | x64 | 12, 14, 16, 17 |
    | FreeBSD | i386 amd64 | 12, 14 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 7.0.2 - 2022-09-08

    This release has been unpublished

  • 7.0.1 - 2021-12-27

    Dependencies

    • Bump node-gyp from 7.1.2 to 8.4.1
    • Bump sass-graph from 2.2.5 to 4.0.0

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 12, 14, 16, 17 |
    | OSX | x64 | 12, 14, 16, 17 |
    | Linux* | x64 | 12, 14, 16, 17 |
    | Alpine Linux | x64 | 12, 14, 16, 17 |
    | FreeBSD | i386 amd64 | 12, 14 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 7.0.0 - 2021-12-06

    Breaking changes

    • Drop support for Node 15 (@ nschonni)
    • Set rejectUnauthorized to true by default (@ scott-ut, #3149)

    Features

    Dependencies

    Community

    • Remove double word "support" from documentation (@ pzrq, #3159)

    Misc

    • Bump various GitHub Actions dependencies (@ nschonni)

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 12, 14, 16, 17 |
    | OSX | x64 | 12, 14, 16, 17 |
    | Linux* | x64 | 12, 14, 16, 17 |
    | Alpine Linux | x64 | 12, 14, 16, 17 |
    | FreeBSD | i386 amd64 | 12, 14 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 6.0.1 - 2021-06-24

    Dependencies

    Misc

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 12, 14, 15, 16 |
    | OSX | x64 | 12, 14, 15, 16 |
    | Linux* | x64 | 12, 14, 15, 16 |
    | Alpine Linux | x64 | 12, 14, 15, 16 |
    | FreeBSD | i386 amd64 | 12, 14, 15 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 6.0.0 - 2021-05-08

    Breaking changes

    Features

    • Add support for Node 16

    Community

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 12, 14, 15, 16 |
    | OSX | x64 | 12, 14, 15, 16 |
    | Linux* | x64 | 12, 14, 15, 16 |
    | Alpine Linux | x64 | 12, 14, 15, 16 |
    | FreeBSD | i386 amd64 | 12, 14, 15 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 5.0.0 - 2020-10-31

    Breaking changes

    Features

    • Add support for Node 15
    • New node-gyp version that supports building with Python 3

    Community

    Fixes

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 10, 12, 14, 15 |
    | OSX | x64 | 10, 12, 14, 15 |
    | Linux* | x64 | 10, 12, 14, 15 |
    | Alpine Linux | x64 | 10, 12, 14, 15 |
    | FreeBSD | i386 amd64 | 10, 12, 14, 15 |

    *Linux support refers to major distributions like Ubuntu, and Debian

  • 4.14.1 - 2020-05-04

    Community

    Fixes

    Supported Environments

    | OS | Architecture | Node |
    |---|---|---|
    | Windows | x86 & x64 | 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 |
    | OSX | x64 | 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 |
    | Linux* | x86 & x64 | 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^ |
    | Alpine Linux | x64 | 6, 8, 10, 11, 12, 13, 14 |
    | FreeBSD | i386 amd64 | 10, 12, 13 |

    *Linux support refers to Ubuntu, Debian, and CentOS 5+
    ** Not available on CentOS 5
    ^ Only available on x64

  • 4.14.0 - 2020-04-23
  • 4.13.1 - 2020-01-16
from node-sass GitHub release notes
Commit messages
Package name: node-sass
  • 87f3899 feat: Node 20 support (#3355)
  • 06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
  • e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
  • c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
  • ee13eb9 8.0.0
  • 98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
  • e9bb866 Bump node-gyp and nan for node 19 support (#3314)
  • ab7840b Fix binaries being partially downloaded (#3313)
  • d595abf 7.0.3
  • 3b556c1 7.0.2
  • c716359 Bump sass-graph@^4.0.1 (#3292)
  • 24741b3 docs(readme): fix docpad plugin link
  • 1523330 feat: Drop Node 12
  • 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
  • 1456114 build(deps): bump actions/upload-artifact from 2 to 3
  • b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
  • e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
  • 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
  • 29e2344 build(deps): bump actions/checkout from 2 to 3
  • 85b0d22 build(deps): bump actions/setup-node from 2 to 3
  • 3bb51da Use make-fetch-happen instead of request (#3193)
  • adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
  • 77d12f0 chore: disable Alpine for Node 16/17 builds
  • 308d533 ci: use Python 3 for Node 12


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
