mirmat / another-covid-19-tracker

0 stars 0 forks source link

[Snyk] Security upgrade chart.js from 2.9.3 to 2.9.4 #1

Closed snyk-bot closed 1 year ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-CHARTJS-1018716
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: chart.js The new version differs by 9 commits.
  • 1d92605 Use Object.create(null) as `merge` target (#7920)
  • dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
  • d919188 Bump verison number to v2.9.4
  • 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
  • 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
  • 2493cb5 Use node v12.18.2 on Travis CI (#7864)
  • 679ec4a docs: fix rollup external moment (#7587)
  • 484f0d1 Preserve object prototypes when cloning (#7404)
  • 2df6986 Look for any branch starting with release (#7087) (#7089)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.