This repository has been archived by the owner on Jul 24, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
v4.11.0 and v4.12.0 binaries say using libsass 3.5.4 instead of 3.5.5 #2621
Closed
narve opened this issue
Apr 2, 2019
· 4 comments
· Fixed by #2769, Madis0/madis0.github.io#5, behnejad/quera#8, HarryMaher/harrymaher.github.io#14 or Zemhart/project_UAS_PHP#16
Closed
v4.11.0 and v4.12.0 binaries say using libsass 3.5.4 instead of 3.5.5 #2621
narve opened this issue
Apr 2, 2019
· 4 comments
· Fixed by #2769, Madis0/madis0.github.io#5, behnejad/quera#8, HarryMaher/harrymaher.github.io#14 or Zemhart/project_UAS_PHP#16
Labels
Comments
Thanks @narve same here, I just checked as well. My security vulnerability scanners are crying since yesterday under |
4.12 still references 3.5.4 |
Same here, 4.12 referencing libsass 3.5.4, triggering vulnerabilities and making our security folks unhappy. |
saper
changed the title
Vr 4.11 says it has upgraded libsass to 3.5.5 but it actually uses 3.5.4
v4.11.0 and v4.12.0 binaries say using libsass 3.5.4 instead of 3.5.5
Oct 17, 2019
From what I see only the version number did not get updated. The code is really using libsass 3.5.5. |
saper
added a commit
to saper/node-sass
that referenced
this issue
Oct 23, 2019
xzyfer
pushed a commit
that referenced
this issue
Apr 22, 2020
This was referenced Apr 26, 2020
This was referenced Mar 9, 2021
This was referenced Mar 15, 2021
Merged
# for free
to subscribe to this conversation on GitHub.
Already have an account?
#.
What the title says... at least for me, after doing a clean install of node-sass:
Please release a new version with 3.5.5 (or later) due to security vulnerabilities.
And at a minimum the documentation should be updated to state the version it actually uses.
If needed I can try to submit a PR.
(Windows 10 Enterprise, vr 10.0.16299, 64bit)
The text was updated successfully, but these errors were encountered: