[Snyk] Upgrade sass from 1.49.7 to 1.71.1

[DanneelsSophie]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade sass from 1.49.7 to 1.71.1.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 67 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-02-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	522/1000 Why? Proof of Concept exploit, CVSS 8.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	522/1000 Why? Proof of Concept exploit, CVSS 8.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sass

• 1.71.1 - 2024-02-21
  

  To install Sass 1.71.1, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  Command-Line Interface

  • Ship the musl Linux release with the proper Dart executable.

  JavaScript API

  • Export the NodePackageImporter class in ESM mode.

  • Allow NodePackageImporter to locate a default directory even when the entrypoint is an ESM module.

  Dart API

  • Make passing a null argument to NodePackageImporter() a static error rather than just a runtime error.

  Embedded Sass

  • In the JS Embedded Host, properly install the musl Linux embedded compiler when running on musl Linux.

  See the full changelog for changes in earlier releases.

• 1.71.0 - 2024-02-16
  

  To install Sass 1.71.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  For more information about pkg: importers, see the announcement on the Sass blog.

  Command-Line Interface

  • Add a --pkg-importer flag to enable built-in pkg: importers. Currently this only supports the Node.js package resolution algorithm, via --pkg-importer=node. For example, @ use "pkg:bootstrap" will load node_modules/bootstrap/scss/bootstrap.scss.

  JavaScript API

  • Add a NodePackageImporter importer that can be passed to the importers option. This loads files using the pkg: URL scheme according to the Node.js package resolution algorithm. For example, @ use "pkg:bootstrap" will load node_modules/bootstrap/scss/bootstrap.scss. The constructor takes a single optional argument, which indicates the base directory to use when locating node_modules directories. It defaults to path.dirname(require.main.filename).

  Dart API

  • Add a NodePackageImporter importer that can be passed to the importers option. This loads files using the pkg: URL scheme according to the Node.js package resolution algorithm. For example, @ use "pkg:bootstrap" will load node_modules/bootstrap/scss/bootstrap.scss. The constructor takes a single argument, which indicates the base directory to use when locating node_modules directories.

  See the full changelog for changes in earlier releases.

• 1.70.0 - 2024-01-18
  

  To install Sass 1.70.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  JavaScript API

  • Add a sass.initCompiler() function that returns a sass.Compiler object which supports compile() and compileString() methods with the same API as the global Sass object. On the Node.js embedded host, each sass.Compiler object uses a single long-lived subprocess, making compiling multiple stylesheets much more efficient.

  • Add a sass.initAsyncCompiler() function that returns a sass.AsyncCompiler object which supports compileAsync() and compileStringAsync() methods with the same API as the global Sass object. On the Node.js embedded host, each sass.AsynCompiler object uses a single long-lived subprocess, making compiling multiple stylesheets much more efficient.

  Embedded Sass

  • Support the CompileRequest.silent field. This allows compilations with no logging to avoid unnecessary request/response cycles.

  • The Dart Sass embedded compiler now reports its name as "dart-sass" rather than "Dart Sass", to match the JS API's info field.

  See the full changelog for changes in earlier releases.

• 1.69.7 - 2024-01-02
  

  To install Sass 1.69.7, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

  Changes

  Embedded Sass

  • In the JS Embedded Host, properly install the x64 Dart Sass executable on ARM64 Windows.

  See the full changelog for changes in earlier releases.

• 1.69.6 - 2023-12-28
• 1.69.5 - 2023-10-26
• 1.69.4 - 2023-10-17
• 1.69.3 - 2023-10-12
• 1.69.2 - 2023-10-10
• 1.69.1 - 2023-10-09
• 1.69.0 - 2023-10-05
• 1.68.0 - 2023-09-21
• 1.67.0 - 2023-09-14
• 1.66.1 - 2023-08-18
• 1.66.0 - 2023-08-17
• 1.65.1 - 2023-08-09
• 1.65.0 - 2023-08-09
• 1.64.2 - 2023-07-31
• 1.64.1 - 2023-07-22
• 1.64.0 - 2023-07-20
• 1.63.6 - 2023-06-21
• 1.63.5 - 2023-06-21
• 1.63.4 - 2023-06-14
• 1.63.3 - 2023-06-09
• 1.63.2 - 2023-06-08
• 1.63.1 - 2023-06-08
• 1.63.0 - 2023-06-07
• 1.62.1 - 2023-04-25
• 1.62.0 - 2023-04-11
• 1.61.0 - 2023-04-06
• 1.60.0 - 2023-03-23
• 1.59.3 - 2023-03-14
• 1.59.2 - 2023-03-11
• 1.59.1 - 2023-03-10
• 1.59.0 - 2023-03-10
• 1.58.3 - 2023-02-18
• 1.58.2 - 2023-02-17
• 1.58.1 - 2023-02-14
• 1.58.0 - 2023-02-01
• 1.57.1 - 2022-12-19
• 1.57.0 - 2022-12-17
• 1.56.2 - 2022-12-08
• 1.56.1 - 2022-11-09
• 1.56.0 - 2022-11-04
• 1.55.0 - 2022-09-21
• 1.54.9 - 2022-09-07
• 1.54.8 - 2022-08-31
• 1.54.7 - 2022-08-31
• 1.54.6 - 2022-08-29
• 1.54.5 - 2022-08-19
• 1.54.4 - 2022-08-10
• 1.54.3 - 2022-08-04
• 1.54.2 - 2022-08-03
• 1.54.1 - 2022-08-02
• 1.54.0 - 2022-07-22
• 1.53.0 - 2022-06-22
• 1.52.3 - 2022-06-08
• 1.52.2 - 2022-06-03
• 1.52.1 - 2022-05-20
• 1.52.0 - 2022-05-20
• 1.51.0 - 2022-04-26
• 1.50.1 - 2022-04-19
• 1.50.0 - 2022-04-07
• 1.49.11 - 2022-04-01
• 1.49.10 - 2022-03-30
• 1.49.9 - 2022-02-24
• 1.49.8 - 2022-02-17
• 1.49.7 - 2022-02-01

from sass GitHub release notes

Commit messages

Package name: sass

• 1b4d703 Release 1.71.1 (#2182)
• 6d66c43 Properly handle `new NodePackageImporter()` with an ESM entrypoint (#2181)
• 85a932f Add missing ESM export of NodePackageImporter (#2177)
• 786dd63 Fix linux musl builds (#2175)
• 3e6721e Fix new static warnings with Dart 3.3 (#2173)
• 2cab33e Update the language revision in Homebrew on release (#2171)
• 84ededd Use musl support in cli_pkg (#2172)
• 00571ec Add a `--pkg-importer` flag (#2169)
• 84f31f0 Update pubspec/changelog for `pkg:` importers (#2168)
• 9ee5408 [Package Importer] Dart Implementation (#2130)
• 9423aa5 Use macos-14 runner instead of macos-latest-xlarge runner (#2167)
• bbf97b4 Remove the sass dependency from package.json (#2162)
• 076414d [Shared Resources] dart-sass implementation (#2134)
• 0d91c92 Support CompileRequest.silent of embedded protocol (#2160)
• b263a72 Use implementation name dart-sass for VersionResponse (#2156)
• 006baa5 Update the pubspec and changelog for Correct usage on win32-on-arm64 platforms to look for x64 native variant sass/embedded-host-node#266 (#2158)
• 6205eac Add wait time before update website (#2153)
• f3c7be5 Make meta.apply() an AsyncBuiltInCallable (#2152)
• 1fc740d Upload releases for musl-libc and android (#2149)
• 6f665c1 Escape unprintable 0x7F (delete control character) (#2144)
• f5dab76 Bump dartdoc from 7.0.2 to 8.0.2 (#2146)
• 4daf0b4 Escape non-US-ASCII characters in `SassException.toCssString()` (#2143)
• cd798bf Improve inspect() output for complex units (#2138)
• bd80c58 Make LazyFileSpans work in JavaScript (#2142)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs