[Snyk] Security upgrade node-sass from 4.9.3 to 7.0.2

[donsantos]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
• package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00348, Social Trends: No, Days since published: 981, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-sass

The new version differs by 156 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[prisma-cloud-devsecops]

mongodb 3.1.4 / package.json

Total vulnerabilities: 4

Critical: 1	High: 2	Medium: 1	Low: 0

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2020-7610	CRITICAL	9.8	-	Open
CVE-2022-25883	HIGH	7.5	-	Open
GHSA-mh5c-679w-hh4r	HIGH	7	3.1.13	Open
CVE-2019-2391	MEDIUM	5.4	-	Open

[prisma-cloud-devsecops]

node-sass 7.0.2 / package.json

Total vulnerabilities: 1

Critical: 0	High: 1	Medium: 0	Low: 0

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-3517	HIGH	7.5	-	Open

[prisma-cloud-devsecops]

postcss-loader 3.0.0 / package.json

Total vulnerabilities: 10

Critical: 1	High: 5	Medium: 4	Low: 0

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-37601	CRITICAL	9.8	-	Open
CVE-2022-37599	HIGH	7.5	-	Open
CVE-2022-37603	HIGH	7.5	-	Open
CVE-2022-46175	HIGH	8.8	-	Open
GHSA-8j8c-7jfh-h6hx	HIGH	7	-	Open
CVE-2021-23382	HIGH	7.5	-	Open
CVE-2020-15366	MEDIUM	5.6	-	Open
CVE-2023-44270	MEDIUM	5.3	-	Open
GHSA-2pr6-76vf-7546	MEDIUM	5.9	-	Open
CVE-2021-23368	MEDIUM	5.3	-	Open