Skip to content
This repository has been archived by the owner on May 1, 2020. It is now read-only.

chore(deps): bump node-sass to 4.10.0 to fix security warnings #1493

Merged

Conversation

CyberBLN
Copy link
Contributor

@CyberBLN CyberBLN commented Nov 16, 2018

in node-sass 4.10 required version of package request was updated from v2.79.0 to v2.88.0:
- vulnerable package tunnel-agent v0.4.3 updated to v0.6.0 (request/request@fa48e67)
- vulnerable package hoek removed (request/request@a6741d4)

@provokateurin
Copy link

Please merge this pull request. A lot of packages/project are vulnerable, because of this security issue.

@imhoffd imhoffd merged commit 08d1638 into ionic-team:master Nov 26, 2018
@imhoffd
Copy link
Contributor

imhoffd commented Nov 26, 2018

Thanks @CyberBLN! We'll try leaving the caret (^) in there for now, which will install the latest 4.x of node-sass whenever it's installed.

@Enrico204
Copy link

Thanks @dwieeb ! May I suggest to make a security release soon? Thanks :-)

@imhoffd
Copy link
Contributor

imhoffd commented Nov 26, 2018

Yes, I am making a release now!

@Enrico204
Copy link

Thank you! :-)

trsrm added a commit to powwowinc/ionic-app-scripts-tiny that referenced this pull request Jan 2, 2019
3.1.9:
* fix(2889): fix build error with --prod
* fix(serve): start listening when watch is ready
* fix(live-server): update android platform path (ionic-team#1407)
* docs(changelog): 3.1.9

3.1.10:
* Update node-sass dependency (ionic-team#1435)
Updating node-sass dependency from 4.7.2 to 4.9.0 to make it works with node 10 on windows (build fail with ionic start)
* chore(package): bump deps (ionic-team#1421)
* chore(deps): no package lock
* chore(changelog): 3.1.10

3.1.11:
* fix(serve): fix EADDRINUSE issue with dev logger server
fixes ionic-team/ionic-cli#3368
fixes ionic-team/ionic-cli#1678
fixes ionic-team/ionic-cli#1830
fixes ionic-team/ionic-cli#1721
fixes ionic-team/ionic-cli#1866
fixes ionic-team/ionic-cli#1808
fixes ionic-team/ionic-cli#3022
* docs(changelog): 3.1.11 changes

3.2.0:
* feat(environments): configuration via process.env.VAR replacement (ionic-team#1471)
* fix(sass): remove PostCSS warning (ionic-team#1364)
This removes following warning:
Remove warning: Without `from` option PostCSS could generate wrong source map or do not find Browserslist config. Set it to CSS file path or to `undefined` to prevent this warning
`from: the input file name (most runners set it automatically).`
Source: https://github.com/postcss/postcss
Fixes ionic-team#1359 #13763
ionic-team#1359
ionic-team/ionic-framework#13763
* fix(serve): use wss protocol for secure websocket when page is using https (ionic-team#1358)
* docs(changelog): 3.2.0

3.2.1:
* docs(readme): add note about existing declaration
addresses ionic-team/ionic-cli#3541
* chore(deps): update webpack to 3.12.0 (ionic-team#1477)
* chore(deps): bump node-sass to 4.9.3 to fix security warnings (ionic-team#1483)
* chore(deps): bump node-sass to 4.10.0 to fix security warnings (ionic-team#1493)
* docs(changelog): 3.2.1
@CyberBLN CyberBLN deleted the bump_node-sass_to_fix_security_warnings branch March 11, 2019 14:42
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants