Node-sass: Vulnerability in node-sass > sass-graph > yargs > yargs-parser

Created on 1 May 2020  路  4Comments  路  Source: sass/node-sass

After npm install --save-dev node-sass sass-loader

  • "node-sass": "^4.14.0",
  • "sass-loader": "^8.0.2"

Get this report:
Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of node-sass [dev]

Path node-sass > sass-graph > yargs > yargs-parser

More info https://npmjs.com/advisories/1500

picture stefano-pietroiusti
👍39

Most helpful comment

Fixed in v4.14.1

picture xzyfer on 5 May 2020
👍21 🎉1

All 4 comments

This is affecting me too...

andrewphillipo picture andrewphillipo on 1 May 2020

I'm having the same issue too...

rafaeljosem picture rafaeljosem on 3 May 2020

Also affected by this.

wdews-charter picture wdews-charter on 4 May 2020

Fixed in v4.14.1

xzyfer picture xzyfer on 5 May 2020
👍21 🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

liuyuqiang picture liuyuqiang  路  3Comments
pulkitnandan picture pulkitnandan  路  4Comments
NathanKleekamp picture NathanKleekamp  路  4Comments
paulcpederson picture paulcpederson  路  3Comments
Pixelatex picture Pixelatex  路  3Comments