dhulme / money-manager

Desktop application for managing your personal finances
https://dhulme.uk/money-manager
MIT License
16 stars 4 forks source link

[Snyk] Security upgrade chart.js from 2.9.3 to 2.9.4 #70

Closed snyk-bot closed 3 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-CHARTJS-1018716
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: chart.js The new version differs by 9 commits.
  • 1d92605 Use Object.create(null) as `merge` target (#7920)
  • dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
  • d919188 Bump verison number to v2.9.4
  • 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
  • 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
  • 2493cb5 Use node v12.18.2 on Travis CI (#7864)
  • 679ec4a docs: fix rollup external moment (#7587)
  • 484f0d1 Preserve object prototypes when cloning (#7404)
  • 2df6986 Look for any branch starting with release (#7087) (#7089)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

dhulme commented 3 years ago

Done manually