Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to latest version of node-sass #120

Closed
wants to merge 2 commits into from
Closed

Upgrade to latest version of node-sass #120

wants to merge 2 commits into from

Conversation

apalanki
Copy link

@apalanki apalanki commented Apr 2, 2019

  • This would allow support for Node 10.x and 11.x versions
  • I tested this with those versions of node and it works as expected

@apalanki
Copy link
Author

apalanki commented Apr 2, 2019

The Travis build needs to be updated to do the checks for latest versions of node.

@GeeWee
Copy link

GeeWee commented Apr 26, 2019

npm audit has an outstanding security vulnerabillity on node-sass-middleware, hopefully updating this dependency will fix it:

  High            Arbitrary File Overwrite                                      
                                                                                
  Package         tar                                                           
                                                                                
  Patched in      >=4.4.2                                                       
                                                                                
  Dependency of   node-sass-middleware                                          
                                                                                
  Path            node-sass-middleware > node-sass > node-gyp > tar             
                                                                                
  More info       https://npmjs.com/advisories/803                              

@nschonni
Copy link
Contributor

@apalanki since the ^ is already there, NPM will already install 4.11 on install (and 4.12 once it is released)

@GeeWee that is being tracked by sass/node-sass#2625 and tracing down to the Tar repo, it looks like 2.x tar isn't actually vulnerable like the report indicates, but is buggy

@nschonni nschonni closed this Apr 26, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants