@snyk-bot

Snyk has created this PR to upgrade chart.js from 2.5.0 to 2.9.4.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 12 versions ahead of your current version.
  • The recommended version was released 8 months ago, on 2020-10-18.

The recommended version fixes:

  • Issue: Prototype Pollution (SNYK-JS-CHARTJS-1018716)
  • Priority Score (*): 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: chart.js
  • 2.9.4 - 2020-10-18

    This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.

    Bugs Fixed

    • #7404 - Preserve prototypes when cloning. Thanks @ iddings
    • #7587 - Fix docs for external moment.js. Thanks @ mojoaxel
    • #7853 - Fix box recursion when dimensions are NaN. Thanks @ alessandroasm
    • #7883 - Fix call stack exception when computing label sizes. Thanks @ silentmatt
    • #7918 - Prevent global prototype pollution via the merge helper
    • #7920 - Use Object.create(null) as merge target, to prevent prototype pollution
  • 2.9.3 - 2019-11-14

    Bug Fixes

    • #6698 Fix undefined variable
    • #6719 Don't make legend empty when fill is false

    Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ kurkle, @ benmccann, and @ etimberg).

  • 2.9.2 - 2019-11-02

    Bug Fixes

    • #6641 IE11 & Edge compatible style injection
    • #6655 Backwards compatible default fill for radar charts
    • #6660 Improve clipping of line charts when border widths are large
    • #6661 When a legend item is clicked, make sure the correct item is hidden
    • #6663 Refresh package-lock file to pick up new dependency

    Performance

    • #6671 Stop unnecessary line calculations

    Documentation

    • #6643 Combine performance documentation sections

    Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ nagix, @ kurkle, @ benmccann, @ etimberg and @ simonbrunel).

  • 2.9.1 - 2019-10-27

    Bug Fixes

    • #6603 Fix deprecation warnings for horizontal bar charts
    • #6608 Fix zoom plugin by no longer clipping scale.getDecimalForPixel to the chart area
    • #6617 Non numeric Y axes did not work

    Documentation

    • #6613 Add link to performance documentation

    Development

    • #6609 - Tests no longer use deprecated options

    Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ nagix, @ kurkle, @ benmccann, @ etimberg and @ simonbrunel).

  • 2.9.0 - 2019-10-26
  • 2.8.0 - 2019-03-14
  • 2.8.0-rc.1 - 2019-03-04
  • 2.7.3 - 2018-10-15
  • 2.7.2 - 2018-03-01
  • 2.7.1 - 2017-10-28
  • 2.7.0 - 2017-09-10
  • 2.6.0 - 2017-05-25
  • 2.5.0 - 2017-02-08
from chart.js GitHub release notes
Commit messages
Package name: chart.js
  • 1d92605 Use Object.create(null) as `merge` target (#7920)
  • dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
  • d919188 Bump version number to v2.9.4
  • 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
  • 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
  • 2493cb5 Use node v12.18.2 on Travis CI (#7864)
  • 679ec4a docs: fix rollup external moment (#7587)
  • 484f0d1 Preserve object prototypes when cloning (#7404)
  • 2df6986 Look for any branch starting with release (#7087) (#7089)
  • 26ea9f0 Update version number to 2.9.3 (#6725)
  • a307a2a Don't make legend empty when fill is false (#6719)
  • c44229f Fix undefined variable (#6698)
  • a985fec Stop unnecessary line calculations (#6671)
  • 1cce8a5 Backward compatible default `fill` for radar charts (#6655)
  • a920bfe Hide correct dataset from legend (#6661)
  • 201fe46 Versatile clipping for lines (#6660)
  • ad26311 Refresh package-lock to pick up new version of chartjs-colors (#6663)
  • 8abfbcb Update version number to v2.9.2 (#6657)
  • 45550ed Combine performance docs (#6643)
  • 65421bb Use `document` when `getRootNode` is unsupported (#6641)
  • a92dd7b Release v2.9.1 (#6618)
  • 26b9d1f Merge pull request #6601 from chartjs/master
  • ea100d4 Bump version number to 2.9.0 (#6600)
  • 333118b Hover styling for dataset in 'dataset' mode (#6527)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
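The fixed issue above (SNYK-JS-CHARTJS-1018716) and the 2.9.4 notes for #7918 and #7920 describe the same pattern: a recursive options-merge helper that walks attacker-controlled keys such as `__proto__` into `Object.prototype`, fixed by skipping those keys and merging into a `Object.create(null)` target. The following is an added example written for this page, not chart.js's own `helpers.merge` code; the `mergeVulnerable`, `mergeHardened` and `safeMerge` names and the `PAYLOAD` options object are constructed here to show the bug and the hardened form side by side.

```javascript
// Added example (not chart.js code): a minimal recursive options merge in the
// style of a charting library's helper, first open to prototype pollution,
// then hardened along the lines described in the 2.9.4 release notes.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: for...in visits an own "__proto__" key produced by JSON.parse,
// target["__proto__"] resolves to Object.prototype, and the recursion writes
// the attacker's keys onto it.
function mergeVulnerable(target, source) {
  for (const key in source) {
    const src = source[key];
    if (isPlainObject(src)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeVulnerable(target[key], src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Hardened: keys that reach a prototype are refused, only own keys of the
// source are copied, and every new nested target has no prototype at all.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeHardened(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const src = source[key];
    if (isPlainObject(src)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      target[key] = mergeHardened(isPlainObject(existing) ? existing : Object.create(null), src);
    } else {
      target[key] = src;
    }
  }
  return target;
}

// Merge defaults and untrusted user options into a null-prototype result,
// as the "Use Object.create(null) as merge target" fix does.
function safeMerge(defaults, userOptions) {
  return mergeHardened(mergeHardened(Object.create(null), defaults), userOptions);
}

// Constructed attacker input: chart options arriving from an untrusted source.
const PAYLOAD = JSON.parse('{"title": {"text": "x"}, "__proto__": {"polluted": true}}');

function demoVulnerable() {
  const before = ({}).polluted;       // undefined
  mergeVulnerable({}, PAYLOAD);
  const after = ({}).polluted;        // true: every object in the realm now has it
  delete Object.prototype.polluted;   // clean up so the rest of the process is unaffected
  return { before, after };
}

function demoHardened() {
  const result = safeMerge({ title: { text: 'default', display: true } }, PAYLOAD);
  return {
    polluted: ({}).polluted,                                              // undefined
    ownProto: Object.prototype.hasOwnProperty.call(result, '__proto__'), // false
    titleText: result.title.text,                                         // 'x'
    titleDisplay: result.title.display,                                   // true (default kept)
    nullProto: Object.getPrototypeOf(result) === null,                    // true
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable merge:', demoVulnerable());
  console.log('hardened merge:', demoHardened());
}
```

Run it with `node` to see the vulnerable merge set `polluted` on every plain object while the hardened merge keeps the user's `title.text`, the default `display`, and nothing else. Note that the hardened helper only protects callers that go through it; an application that still passes untrusted JSON to an older chart.js build, or to another deep-merge routine, remains exposed, which is why upgrading rather than patching around the library is the right fix.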
