You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Can you please bump the dependency to the latest version of node-sass to remove the vulnerable dependency? There is a PR already there to address this: #161 . You may need to do a major version bump of the middleware because the new version of node-sass has dropped support for deprecated Node versions.
request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
node-sass 1.2.3 - 3.4.2 || 3.5.3 - 7.0.3
Depends on vulnerable versions of request
node_modules/node-sass-middleware/node_modules/node-sass
node-sass-middleware 0.5.0 || >=0.10.0
Depends on vulnerable versions of node-sass
node_modules/node-sass-middleware
The text was updated successfully, but these errors were encountered:
Can you please bump the dependency to the latest version of node-sass to remove the vulnerable dependency? There is a PR already there to address this: #161 . You may need to do a major version bump of the middleware because the new version of node-sass has dropped support for deprecated Node versions.
The text was updated successfully, but these errors were encountered: