[Snyk] Upgrade gulp-sass from 4.0.1 to 4.1.1 #4

chrisspradling1980 · 2022-12-02T22:15:47Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade gulp-sass from 4.0.1 to 4.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released a year ago, on 2021-06-24.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
NULL Pointer Dereference SNYK-JS-NODESASS-535505	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Out-of-bounds Read SNYK-JS-NODESASS-535501	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASHMERGEWITH-174136	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-73638	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-608086	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-450202	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Uninitialized Memory Exposure npm:tunnel-agent:20170305	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution npm:hoek:20180212	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Denial of Service (DoS) SNYK-JS-NODESASS-542662	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Denial of Service (DoS) SNYK-JS-NODESASS-540982	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Resource Exhaustion SNYK-JS-NODESASS-535504	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Use After Free SNYK-JS-NODESASS-535497	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Prototype Pollution SNYK-JS-JSONPOINTER-598804	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	547/1000 Why? Proof of Concept exploit, CVSS 8.8	No Known Exploit
Prototype Pollution SNYK-JS-JSONPOINTER-1577288	547/1000 Why? Proof of Concept exploit, CVSS 8.8	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: gulp-sass

4.1.1 - 2021-06-24
Dependencies
- Bump lodash@^4.17.20 (@ Larinar, #776)
4.1.0 - 2020-04-23
Features
- Update modified time on output file (@ WraithKenny, #706)
Dependencies
- Migrate to the lodash package (@ stof, #728)
4.0.2 - 2018-10-16
Documentation
- Document how to use Dart Sass (@ nex3, #672)
4.0.1 - 2018-04-08
Fixes
- logError causing an error (@ DKvistgaard, #681)