
[Snyk] Upgrade less from 2.7.3 to 4.4.0 #10

Open
SherfeyInv wants to merge 1 commit into master from snyk-upgrade-07dc0713b64ff2acd8dcce6f711d146c

@SherfeyInv

Snyk has created this PR to upgrade less from 2.7.3 to 4.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 66 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 750 | Proof of Concept |

Release notes
Package name: less
  • 4.4.0 - 2025-07-16
  • 4.3.0 - 2025-04-05

    #4319 Add deprecation warnings to Less output during parsing and new quiet flag (@matthew-dean)
    #4320 Update README.md to remove Lerna reference (@matthew-dean)
    #4322 Revise Playwright install method for CI stability (@puckowski)
    #4333 Add support for starting-style at rule. (@puckowski)

  • 4.2.2 - 2025-01-19

    #4290 Fix #4268 nested pseudo-selector parsing (@puckowski)
    #4291 Enhance Less.js test environment setup (#4291) (@iChenLei)
    #4295 Fix #4252 container queries created via mixin evaluating variables incorrectly (@puckowski)
    #4294 Fix #3737 allow blank variable declarations (@puckowski)
    #4292 Fix #4258 variable interpolation after math (@puckowski)
    #4293 Fix #4264 strip line comment from expression (@puckowski)
    #4302 Fix #4301 at-rule declarations missing (@puckowski)
    #4309 Fix Node 23 CI (#4309) (@iChenLei)

  • 4.2.1 - 2024-11-25
  • 4.2.0 - 2023-08-05
  • 4.1.3 - 2022-06-08
  • 4.1.2 - 2021-10-03
  • 4.1.1 - 2021-01-31
  • 4.1.0 - 2021-01-10

    Mixin parentheses requirement removed

    This was maybe too big a change without some kind of deprecation or conversion.
    So for this version, this works again:

    .mixin;
    
  • 4.0.1-alpha.2 - 2020-12-05
  • 4.0.1-alpha.0 - 2020-12-05
  • 4.0.0 - 2020-12-18

    This release has 2 breaking changes:

    Parentheses required for mixin calls

    This aligns it with syntax for calling detached rulesets.

    Example

    .mixin() {}
    .mixin;  // error in 4.0

    Parens-division now the default math setting

    Parentheses are required (by default) around division-like expressions, to force math evaluation.

    Example:

    @ratio_large: 16;
    @ratio_small: 9;

    /* The following will produce device-aspect-ratio: 1.77777778 by default in 3.x */
    @media all and (device-aspect-ratio: @ratio_large / @ratio_small) {
      .body { max-width: 800px; }
    }

    Produces:

    @media all and (device-aspect-ratio: 16 / 9) {
      .body {
        max-width: 800px;
      }
    }

    You can, of course, get old math behavior. See: http://lesscss.org/usage/#less-options-math

    What's New

    • min() / max() functions can pass-through if it cannot be evaluated in Less
    • isdefined() can be used to test if variables are defined (e.g. isdefined(@unknown))
    • New rgb color syntax supported (e.g. rgb(0 128 255 / 50%))
  • 3.13.1 - 2020-12-18
  • 3.13.1-next.1 - 2020-12-17
  • 3.13.1-alpha.1 - 2020-09-29
  • 3.13.0 - 2020-12-12
  • 3.13.0-alpha.12 - 2020-12-08
  • 3.13.0-alpha.10 - 2020-12-08
  • 3.13.0-alpha.3 - 2020-12-17
  • 3.13.0-alpha.2 - 2020-12-17
  • 3.12.2 - 2020-07-16
  • 3.12.1 - 2020-07-16
  • 3.12.1-alpha.13 - 2020-12-05
  • 3.12.1-alpha.12 - 2020-12-08
  • 3.12.0 - 2020-07-13
  • 3.11.3 - 2020-06-05
  • 3.11.2 - 2020-06-01
  • 3.11.1 - 2020-02-11
  • 3.11.0 - 2020-02-09
  • 3.10.3 - 2019-08-23
  • 3.10.2 - 2019-08-21
  • 3.10.1 - 2019-08-18
  • 3.10.0 - 2019-08-17
  • 3.10.0-beta.2 - 2019-08-08
  • 3.10.0-beta - 2019-08-03
  • 3.9.0 - 2018-11-29
  • 3.8.1 - 2018-08-08
  • 3.8.0 - 2018-07-23
  • 3.7.1 - 2018-07-11
  • 3.7.0 - 2018-07-11
  • 3.6.0 - 2018-07-10
  • 3.5.3 - 2018-07-06
  • 3.5.2 - 2018-07-06
  • 3.5.1 - 2018-07-05
  • 3.5.0 - 2018-07-05
  • 3.5.0-beta.7 - 2018-07-04
  • 3.5.0-beta.6 - 2018-07-03
  • 3.5.0-beta.5 - 2018-07-02
  • 3.5.0-beta.4 - 2018-06-30
  • 3.5.0-beta.3 - 2018-06-30
  • 3.5.0-beta.2 - 2018-06-27
  • 3.5.0-beta - 2018-06-25
  • 3.0.4 - 2018-05-07
  • 3.0.2 - 2018-04-21
  • 3.0.1 - 2018-02-15
  • 3.0.0 - 2018-02-11
  • 3.0.0-pre.4 - 2016-10-21
  • 3.0.0-pre.3 - 2016-07-18
  • 3.0.0-pre.2 - 2016-07-14
  • 3.0.0-pre.1 - 2016-07-13
  • 3.0.0-alpha.4 - 2017-10-24
  • 3.0.0-alpha.3 - 2017-10-09
  • 3.0.0-alpha.2 - 2017-01-11
  • 3.0.0-alpha.1 - 2017-01-01
  • 3.0.0-RC.2 - 2018-02-11
  • 3.0.0-RC.1 - 2018-02-04
  • 2.7.3 - 2017-10-24
from less GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
less

See this project in Snyk:
https://app.snyk.io/org/sherfeyinv/project/02b601a1-d89d-441e-8049-1c9f3af1e1a7?utm_source=github&utm_medium=referral&page=upgrade-pr