This repository has been archived by the owner on Jul 24, 2024. It is now read-only.
Audit issues with the latest version #2657
Comments
|
Duplicate of #2625 |
jiongle1
pushed a commit
to scantist-ossops-m2/node-sass
that referenced
this issue
Apr 7, 2024
Fixes sass#2657 Incorporates the following utfcpp patches: 1. Sass addition of `retreat`. nemtrif/utfcpp#20 2. Fix for `replace_invalid` throwing on incomplete sequence at the end of the input. nemtrif/utfcpp#21
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Already tried everything including deleting the lock file and the entire node_modules folder.
This audit error doesn't make sense since I am using the latest version but it is an error on the old version.
Docker version: node:10.15.3-jessie
NPM version (
npm -v): 6.4.1Node version (
node -v): v10.15.3Node Process (
node -p process.versions):{ http_parser: '2.8.0',
node: '10.15.3',
v8: '6.8.275.32-node.51',
uv: '1.23.2',
zlib: '1.2.11',
ares: '1.15.0',
modules: '64',
nghttp2: '1.34.0',
napi: '3',
openssl: '1.1.0j',
icu: '62.1',
unicode: '11.0',
cldr: '33.1',
tz: '2018e' }
Node Platform (
node -p process.platform): linuxNode architecture (
node -p process.arch): x64node-sass version (
node -p "require('node-sass').info"):node-sass 4.12.0 (Wrapper) [JavaScript]
libsass 3.5.4 (Sass Compiler) [C/C++]
npm node-sass versions (
npm ls node-sass):`-- [email protected]
Audit error (
npm audit):Manual Review
Some vulnerabilities require your attention to resolve
Visit https://go.npm.me/audit-guide for additional guidance
High Arbitrary File Overwrite
Package tar
Patched in >=4.4.2
Dependency of node-sass [dev]
Path node-sass > node-gyp > tar
More info https://nodesecurity.io/advisories/803
found 1 high severity vulnerability in 31872 scanned packages
1 vulnerability requires manual review. See the full report for details.
The text was updated successfully, but these errors were encountered: