This is a backport of the minor ReDoS vulnerability in ansi-regex@<6.0.1, as requested in #38.
Fix ReDoS in certain cases (#37)
You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.
This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.
v2.0.0
This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.
BarChart: support percentage (of chart) for barSize. Helps set size of bar when there are few datapoints Fixes #3640 by @graup in recharts/recharts#4407
A recent release of @types/react broke some builds because they removed certain (unused) events from common event handler attributes. recharts was unknowingly enumerating keys of SVGProps in the Layer component with the old types and causing a type error on tsc with skipLibCheck: false
typescript - Layer: use SVGAttributes instead of SVGProps in forwardRef components by @ckifer in recharts/recharts#4413
typescript - Pie: fix Pie ref which was cast to HTMLElement when the ref is actually referring to SVGGElement. This gave false information to whoever is using ref on the Pie component
Accessibility: remove role attribute from recharts-wrapper which caused an accessibility violation with > 1 chart on the same page by @julianna-langston in recharts/recharts#4386, fixes #4384
RFC 3447 and RFC 8017 allow for optional DigestAlgorithm NULL parameters
for sha* algorithms and require NULL parameters for md2 and md5
algorithms.
1.3.0 - 2022-03-17
Security
Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa
Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
HIGH: Leniency in checking digestAlgorithm structure can lead to
signature forgery.
The code is lenient in checking the digest algorithm structure. This can
allow a crafted structure that steals padding bytes and uses an unchecked
portion of the PKCS#1 encoded message to forge a signature when a low
public exponent is being used. For more information, please see
"Bleichenbacher's RSA signature forgery based on implementation error"
by Hal Finney.
HIGH: Failing to check trailing garbage bytes can lead to signature
forgery.
The code does not check for trailing garbage bytes after decoding a
DigestInfo ASN.1 structure. This can allow padding bytes to be removed
and garbage data added to forge a signature when a low public exponent is
being used. For more information, please see "Bleichenbacher's RSA
signature forgery based on implementation error"
by Hal Finney.
DigestInfo is not properly checked for proper ASN.1 structure. This can
lead to successful verification with signatures that contain invalid
structures but a valid digest.
[asn1] Add fallback to pretty print invalid UTF8 data.
[asn1] fromDer is now more strict and will default to ensuring all input
bytes are parsed or throw an error. A new option parseAllBytes can disable
this behavior.
NOTE: The previous behavior is being changed since it can lead to
security issues with crafted inputs. It is possible that code doing custom
DER parsing may need to adapt to this new behavior and optional flag.
[rsa] Add and use a validator to check for proper structure of parsed ASN.1
Bumps the npm_and_yarn group with 13 updates in the / directory:
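ansi-regex: 5.0.0 to 5.0.1
ansi-regex: 4.1.0 to 5.0.1
browserify-sign: 4.2.1 to 4.2.3
d3-color: 1.4.1 to 3.1.0
d3-scale: 3.3.0 to 4.0.2
d3-scale-chromatic: 2.0.0 to 3.1.0
d3-transition: 2.0.0 to 3.0.1
recharts: 1.8.6 to 2.12.6
express: 4.18.2 to 4.19.2
follow-redirects: 1.15.2 to 1.15.6
ip: 1.1.8 to 1.1.9
node-forge: 0.10.0 to 1.3.1
webpack-dev-server: 3.11.3 to 5.0.4
path-parse: 1.0.6 to 1.0.7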
Updates
ansi-regex from 5.0.0 to 5.0.1
Release notes
Sourced from ansi-regex's releases.
Commits
a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
Updates
ansi-regex from 4.1.0 to 5.0.1
Release notes
Sourced from ansi-regex's releases.
Commits
a9babce 5.0.1
4657833 fix incorrect format
c3c0b3f Fix potential ReDoS (#37)
178363b Move to GitHub Actions (#35)
0755e66 Add @Qix- to funding.yml
Updates
browserify-sign from 4.2.1 to 4.2.3
Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ec v4.2.3
9247adf [patch] widen support to 0.12
f427270 [Deps] update parse-asn1
87f3a35 [Dev Deps] update aud, npmignore, tape
fb261ce [Deps] update elliptic
4d0ee49 [patch] drop minimum node support to v1
9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
168e16f [Deps] pin elliptic due to a breaking change
37a4758 [actions] remove redundant finisher
4af5a90 v4.2.2
Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
d3-color from 1.4.1 to 3.1.0
Release notes
Sourced from d3-color's releases.
Commits
7a1573e 3.1.0
75c19c4 update LICENSE
ef94e01 update dependencies
5e9f757 method shorthand
e4bc34e formatHex8 (#103)
ac660c6 {rgb,hsl}.clamp() (#102)
70e3a04 clamp HSL format (#101)
994d8fd avoid backtracking (#100)
7d61bbe 3.0.1
93bc4ff related d3/d33; extract copyrights from LICENSE
Updates
d3-scale from 3.3.0 to 4.0.2
Release notes
Sourced from d3-scale's releases.
Commits
83555bd 4.0.2
cfc7d51 update dependencies
13491ee default base 10 log ticks to ~s (#255)
0561e75 4.0.1
925dd3a upgrade dependencies
f0180a8 simpler exact ticks
9f745d0 exact log ticks (#253)
8fd6d25 implicit trim for log ticks (#254)
3281b77 Update README.md (#252)
07e8aac update README
Updates
d3-scale-chromatic from 2.0.0 to 3.1.0
Release notes
Sourced from d3-scale-chromatic's releases.
Commits
2c52792 update LICENSE
0496bc4 3.1.0
81d50e2 upgrade dependencies
14c9b25 Add schemeObservable10 (#51)
109cfa3 restructure README (#49)
2aa3ad2 3.0.0
8fc14d0 Adopt type=module (#37)
Updates
d3-transition from 2.0.0 to 3.0.1
Release notes
Sourced from d3-transition's releases.
Commits
c4c94c4 3.0.1
c7a42c6 update dependencies
cb1fc2d push on prepublishOnly
5caa287 fix d3-selection peerDependency
98e84f0 3.0.0
aa44264 Update README
692f025 fix #121; add transition.selectChild[ren]
1ac7984 Precise sideEffects. (#115)
d1a518c Adopt type=module (#123)
abe6511 Merge pull request #122 from inokawa/patch-1
Updates
recharts from 1.8.6 to 2.12.6
Release notes
Sourced from recharts's releases.
... (truncated)
Changelog
Sourced from recharts's changelog.
... (truncated)
Commits
22064ed 2.12.6
504518d Added js suffix to main module and jsnext:main paths in package json (#4431)
a705024 fix: The box size of the Tooltip is 0 at the first rendering of TooltipBoundi...
bdad6ec 2.12.5
ed95633 fix(layer-types): use SVGAttributes instead of SVGProps in forwardRef compone...
3d2e8b9 feat(BarChart): support percentage for barSize. Fixes #3640 (#4407)
981eb8f 2.12.4
db1e020 Remove role attribute from recharts-wrapper (#4386)
25c8bbd feat(pie-chart): apply className to the label and labelLine (#4381)
76bbdcb feat(radar-chart): apply className to the RadarChart component (#4335)
Updates
express from 4.18.2 to 4.19.2
Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
Commits
04bc627 4.19.2
da4d763 Improved fix for open redirect allow list bypass
4f0f6cc 4.19.1
a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
a1fa90f fixed un-edited version in history.md for 4.19.0
11f2b1d build: fix build due to inconsistent supertest behavior in older versions
084e365 4.19.0
0867302 Prevent open redirect allow list bypass due to encodeurl
567c9c6 Add note on how to update docs for new release (#5541)
69a4cf2 deps: cookie@0.6.0
Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
follow-redirects from 1.15.2 to 1.15.6
Commits
35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Updates
ip from 1.1.8 to 1.1.9
Commits
1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
Updates
node-forge from 0.10.0 to 1.3.1
Changelog
Sourced from node-forge's changelog.
... (truncated)
Commits
a0a4a42 Release 1.3.1.
a33830f Update changelog.
740954d Allow optional DigestAlgorithm parameters.
56f4316 Allow DigestInfo.DigestAlgorith.parameters to be optional
cbf0bd5 Start 1.3.1-0.
6c5b901 Release 1.3.0.
0f3972a Update changelog.
dc77b39 Fix error checking.
bb822c0 Add advisory links.
d4395fe Update changelog.
Updates
webpack-dev-server from 3.11.3 to 5.0.4
Release notes
Sourced from webpack-dev-server's releases.
... (truncated)
Changelog
Sourced from webpack-dev-server's changelog.
... (truncated)
Commits
64a1860 chore(release): 5.0.4
aab576a fix(security): bump webpack-dev-middleware (#5112)
fb6f22a chore(deps-dev): bump @commitlint/config-conventional (#5104)
ba9dfb6 chore(deps-dev): bump @commitlint/cli from 19.0.3 to 19.1.0 (#5103)
08cab58 chore(release): 5.0.3
37f4760 chore(deps-dev): bump @types/node from 20.11.25 to 20.11.26 (#5102)
6e1aed3 fix(types): proxy (#5101)
8ea7cb8 chore(deps): bump open from 10.0.4 to 10.1.0 (#5100)
c6a3586 chore(deps): bump puppeteer from 22.4.0 to 22.4.1 (#5099)
2201442 chore(deps): update (#5096)
Updates
path-parse from 1.0.6 to 1.0.7
Commits
Updates
webpack-dev-middleware from 3.7.3 to 7.2.1
Release notes
Sourced from webpack-dev-middleware's releases.