Skip to content

chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] - abandoned#188

Open
renovate[bot] wants to merge 1 commit intostagingfrom
greenkeeper/npm-node-sass-vulnerability
Open

chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] - abandoned#188
renovate[bot] wants to merge 1 commit intostagingfrom
greenkeeper/npm-node-sass-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Mar 7, 2022
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change
node-sass 4.12.0 -> 7.0.0

GitHub Vulnerability Alerts

GHSA-9v62-24cr-58cx

Affected versions of node-sass are vulnerable to Denial of Service (DoS). Crafted objects passed to the renderSync function may trigger C++ assertions in CustomImporterBridge::get_importer_entry and CustomImporterBridge::post_process_return_value that crash the Node process. This may allow attackers to crash the system's running Node process and lead to Denial of Service.

Recommendation

Upgrade to version 4.13.1 or later

CVE-2020-24025

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the greenkeeper/npm-node-sass-vulnerability branch from 284333e to a09607e Compare March 26, 2022 13:20
@renovate renovate bot force-pushed the greenkeeper/npm-node-sass-vulnerability branch from a09607e to 8b8ebed Compare April 25, 2022 02:12
@renovate renovate bot force-pushed the greenkeeper/npm-node-sass-vulnerability branch from 8b8ebed to 55a3b6b Compare May 15, 2022 20:49
@renovate renovate bot changed the title chore: 🤖 Renovate auto-bump Update dependency node-sass to v7.0.0 [SECURITY] chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] Jun 18, 2022
@renovate renovate bot changed the title chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] - abandoned Mar 24, 2023
@renovate
Copy link
Contributor Author

renovate bot commented Mar 24, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

@renovate renovate bot changed the title chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] - abandoned chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] Apr 5, 2023
@renovate renovate bot changed the title chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] chore: 🤖 Renovate auto-bump Update dependency node-sass to 7.0.0 [SECURITY] - abandoned Apr 17, 2023
@renovate
Copy link
Contributor Author

renovate bot commented Aug 6, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@renovate-bot