node-sass-middleware

Dependency on a vulnerable version of node-sass /request

Open YasharF opened this issue 2 years ago • 0 comments

Can you please bump the dependency to the latest version of node-sass to remove the vulnerable dependency? There is a PR already there to address this: https://github.com/sass/node-sass-middleware/pull/161 . You may need to do a major version bump of the middleware because the new version of node-sass has dropped support for deprecated Node versions.

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6

  node-sass  1.2.3 - 3.4.2 || 3.5.3 - 7.0.3
  Depends on vulnerable versions of request
  node_modules/node-sass-middleware/node_modules/node-sass
    node-sass-middleware  0.5.0 || >=0.10.0
    Depends on vulnerable versions of node-sass
    node_modules/node-sass-middleware

YasharF, Jul 13 '23 21:07