Update dependency node-sass to v7 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
node-sass	^4.12.0 -> ^7.0.0

---

Improper Certificate Validation in node-sass

CVE-2020-24025 / GHSA-r8f7-9pfq-mjmv

More information

Details

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-24025
• https://github.com/sass/node-sass/issues/3067
• https://github.com/sass/node-sass/pull/3149
• https://github.com/sass/node-sass/pull/567#issuecomment-656609236
• https://github.com/sass/node-sass/commit/0a21792803639851b480fbd8cbcb5540ef974387
• https://github.com/sass/node-sass
• https://github.com/sass/node-sass/releases/tag/v7.0.0

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

sass/node-sass (node-sass)

v7.0.0

Compare Source

Breaking changes

• Drop support for Node 15 (@​nschonni)
• Set rejectUnauthorized to true by default (@​scott-ut, #​3149)

Features

• Add support for Node 17 (@​nschonni)

Dependencies

• Bump eslint from 7.32.0 to 8.0.0 (@​nschonni, #​3191)
• Bump fs-extra from 0.30.0 to 10.0.0 (@​nschonni, #​3102)
• Bump npmlog from 4.1.2 to 5.0.0 (@​nschonni, #​3156)
• Bump chalk from 1.1.3 to 4.1.2 (@​nschonni, #​3161)

Community

• Remove double word "support" from documentation (@​pzrq, #​3159)

Misc

• Bump various GitHub Actions dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 16, 17
OSX	x64	12, 14, 16, 17
Linux*	x64	12, 14, 16, 17
Alpine Linux	x64	12, 14, 16, 17
FreeBSD	i386 amd64	12, 14

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.1

Compare Source

Dependencies

• Remove mkdirp (@​jimmywarting, #​3108)
• Bump meow to 9.0.0 (@​ykolbin, #​3125)
• Bump mocha to 9.0.1 (@​xzyfer, #​3134)

Misc

• Use default Apline version from docker-node (@​nschonni, #​3121)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 15, 16
OSX	x64	12, 14, 15, 16
Linux*	x64	12, 14, 15, 16
Alpine Linux	x64	12, 14, 15, 16
FreeBSD	i386 amd64	12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v6.0.0

Compare Source

Breaking changes

• Drop support for Node 10 (@​nschonni)
• Remove deprecated process.sass API (@​xzyfer, #​2986)

Features

• Add support for Node 16

Community

• Fix typos in Troubleshooting guide (@​independencyinjection, #​3051)
• Improve dependabot configuration (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	12, 14, 15, 16
OSX	x64	12, 14, 15, 16
Linux*	x64	12, 14, 15, 16
Alpine Linux	x64	12, 14, 15, 16
FreeBSD	i386 amd64	12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v5.0.0

Compare Source

Breaking changes

• Only support LTS and current Node versions (@​nschonni)
• Remove deprecated process.sass API (@​xzyfer, #​2986)

Features

• Add support for Node 15
• New node-gyp version that supports building with Python 3

Community

• More inclusive documentation (@​rgeerts, #​2944)
• Enabled dependabot (@​nschonni)
• Improve release automation (@​nschonni)

Fixes

• Bumped many dependencies (@​nschonni)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	10, 12, 14, 15
OSX	x64	10, 12, 14, 15
Linux*	x64	10, 12, 14, 15
Alpine Linux	x64	10, 12, 14, 15
FreeBSD	i386 amd64	10, 12, 14, 15

*Linux support refers to major distributions like Ubuntu, and Debian

v4.14.1

Compare Source

Community

• Add GitHub Actions for Alpine CI (@​nschonni, #​2823)

Fixes

• Bump [email protected] (@​xzyfer, #​2912)

Supported Environments

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^, 14**^
Alpine Linux	x64	6, 8, 10, 11, 12, 13, 14
FreeBSD	i386 amd64	10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+
** Not available on CentOS 5
^ Only available on x64

v4.14.0

Compare Source

https://github.com/sass/node-sass/releases/tag/v4.14.0

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: ui/yarn.lock

warning node-sass > node-gyp > make-fetch-happen > cacache > @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
error Error: EACCES: permission denied, mkdir '/usr/local/share/node_modules'

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: ui/yarn.lock

warning [email protected]: Node Sass is no longer supported. Please use `sass` or `sass-embedded` instead.
warning node-sass > [email protected]: This package is no longer supported.
warning node-sass > node-gyp > [email protected]: This package is no longer supported.
warning node-sass > npmlog > [email protected]: This package is no longer supported.
warning node-sass > node-gyp > npmlog > [email protected]: This package is no longer supported.
warning node-sass > npmlog > [email protected]: This package is no longer supported.
warning node-sass > node-gyp > npmlog > [email protected]: This package is no longer supported.
warning node-sass > node-gyp > [email protected]: Rimraf versions prior to v4 are no longer supported
warning node-sass > node-gyp > make-fetch-happen > cacache > [email protected]: Rimraf versions prior to v4 are no longer supported
warning node-sass > node-gyp > make-fetch-happen > cacache > @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
warning node-sass > node-gyp > make-fetch-happen > cacache > @npmcli/move-file > [email protected]: Rimraf versions prior to v4 are no longer supported
error Error: EACCES: permission denied, mkdir '/usr/local/share/node_modules'