Open snyk-bot opened 3 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 3.9
SNYK-JS-ANGULARCORE-1070902
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-CHARTJS-1018716
Why? Has a fix available, CVSS 5.4
SNYK-JS-PRIMENG-537902
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: chart.js
The new version differs by 9 commits.- 1d92605 Use Object.create(null) as `merge` target (#7920)
- dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
- d919188 Bump verison number to v2.9.4
- 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
- 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
- 2493cb5 Use node v12.18.2 on Travis CI (#7864)
- 679ec4a docs: fix rollup external moment (#7587)
- 484f0d1 Preserve object prototypes when cloning (#7404)
- 2df6986 Look for any branch starting with release (#7087) (#7089)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic