Update dependency node-sass to v7 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
node-sass	^4.9.0 -> ^7.0.0

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

---

Release Notes

sass/node-sass

v7.0.0

Compare Source

Breaking changes

• Drop support for Node 15 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #​3149)

Features

• Add support for Node 17 (@​nschonni)

Dependencies

• Bump eslint from 7.32.0 to 8.0.0 (@​nschonni, #​3191)
• Bump fs-extra from 0.30.0 to 10.0.0 (@​nschonni, #​3102)
• Bump npmlog from 4.1.2 to 5.0.0 (@​nschonni, #​3156)
• Bump chalk from 1.1.3 to 4.1.2 (@​nschonni, #​3161)

Community

• Remove double word "support" from documentation (@​pzrq, #​3159)

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 16, 17
OSX	x64	12, 14, 16, 17
Linux*	x64	12, 14, 16, 17
Alpine Linux	x64	12, 14, 16, 17
FreeBSD	i386 amd64	12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies

• Remove mkdirp (@​jimmywarting, #​3108)
• Bump meow to 9.0.0 (@​ykolbin, #​3125)
• Bump mocha to 9.0.1 (@​xzyfer, #​3134)

Misc

• Use default Apline version from docker-node (@​nschonni, #​3121)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 15, 16
OSX	x64	12, 14, 15, 16
Linux*	x64	12, 14, 15, 16
Alpine Linux	x64	12, 14, 15, 16
FreeBSD	i386 amd64	12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes

• Drop support for Node 10 (@​nschonni)
• Remove deprecated process.sass API (@​xzyfer, #​2986)

Features

• Add support for Node 16

Community

• Fix typos in Troubleshooting guide (@​independencyinjection, #​3051)
• Improve dependabot configuration (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 15, 16
OSX	x64	12, 14, 15, 16
Linux*	x64	12, 14, 15, 16
Alpine Linux	x64	12, 14, 15, 16
FreeBSD	i386 amd64	12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes

• Only support LTS and current Node versions (@​nschonni)
• Remove deprecated process.sass API (@​xzyfer, #​2986)

Features

• Add support for Node 15
• New node-gyp version that supports building with Python 3

Community

• More inclusive documentation (@​rgeerts, #​2944)
• Enabled dependabot (@​nschonni)
• Improve release automation (@​nschonni)

Fixes

• Bumped many dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	10, 12, 14, 15
OSX	x64	10, 12, 14, 15
Linux*	x64	10, 12, 14, 15
Alpine Linux	x64	10, 12, 14, 15
FreeBSD	i386 amd64	10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v4.14.1

Compare Source

Community

• Add GitHub Actions for Alpine CI (@​nschonni, #​2823)

Fixes

• Bump [email protected] (@​xzyfer, #​2912)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
Alpine Linux	x64	6, 8, 10, 11, 12, 13, 14
FreeBSD	i386 amd64	10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+
** Not available on CentOS 5
^ Only available on x64

v4.14.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.13.0

v4.12.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.12.0

v4.11.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.11.0

v4.10.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.10.0

v4.9.4

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.4

v4.9.3

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.3

v4.9.2

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.2

v4.9.1

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.9.1

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.