`npm audit` revealed some vulnerabilities:
```
scss-tokenizer <=0.4.2
Severity: high
Regular expression denial of service in scss-tokenizer - https://github.com/advisories/GHSA-7mwh-4pqv-wmr8
fix available via `npm audit fix --force`
Will install node-sass@4.5.3, which is a breaking change
node_modules/scss-tokenizer
sass-graph >=2.2.0
Depends on vulnerable versions of scss-tokenizer
node_modules/sass-graph
node-sass >=4.6.0
Depends on vulnerable versions of sass-graph
node_modules/node-sass
3 high severity vulnerabilities
```
We don't need node-sass, and sass-loader is just as happy using
another sass implementation. The preferred one is dart-sass which
is simply called sass in npm.
In the process, I also did an `npm update` just for good measure.