Watemlifts / redash

Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.
http://redash.io/
BSD 2-Clause "Simplified" License

[Snyk] Security upgrade plotly.js from 1.41.3 to 1.49.0 #245

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 471/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.7) | Prototype Pollution, SNYK-JS-MINIMIST-2429795 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: plotly.js
The new version differs by 250 commits.
  • dfc06ce 1.49.0
  • 9e371f7 update changelog for 1.49.0
  • 96fe262 Merge pull request #4063 from plotly/reuse-merge-array-cast-positive
  • f9db523 cast bad size values to zero instead of NaN - fixup scattergeo jasmine test
  • 39b9840 add jasmine tests to guard against negative sizes during calc step
  • 539d7b7 Merge pull request #4075 from plotly/dev-deps-07-2019
  • e61ee25 bump eslint to 6.1.0 + disable `no-prototype-builtins` rule
  • e0a17f3 bump dev deps
  • cfcf746 run `npm audit fix`
  • a9e7480 Merge pull request #4035 from plotly/mapbox-style-better-docs
  • 29c2bf9 improve mapbox layer `source` and `type` descriptions (again)
  • 1400437 Merge pull request #4064 from plotly/minor-log-axes-no-suffix-prefix
  • cb521f5 improve mock by adding trace names based on their y-axis info
  • 27067a6 only skip prefix and suffix for D log axes - improve test
  • d81f28c improve mapbox.layers[i] sourcetype and type attr descriptions
  • b933528 improve `mapbox.style` description (take 3)
  • 81f9d53 use styleValuesNonMapbox in mapbox.style attr declaration
  • a460be0 resolves #4059 - throw error msg about "missing style"
  • d4a2308 bump mapbox-gl to 1.1.1
  • 84e79e4 Merge pull request #3991 from pynklu/2206-configurable-double-click-delay
  • 1b15616 Merge branch 'master' into mapbox-style-better-docs
  • 1bebca6 Merge pull request #4069 from plotly/mapbox-attributions-inject-css
  • 1415344 improve doubleClickDelay description
  • 4db3809 Merge pull request #4068 from plotly/mapbox-extra-tilesets

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
