Closed stathopoulosgeorge closed 7 months ago
To update chart.js we will have to download the new version from chart.js here: https://cdn.jsdelivr.net/npm/chart.js
Then replace the content of the file `imagify/assets/js/chart.js` with the new content.
While doing so we need to be careful to keep the 3 lines:
https://github.com/wp-media/imagify-plugin/blob/cfe6f77940b520500d8ef00be18b4ee24167b49f/assets/js/chart.js#L10
https://github.com/wp-media/imagify-plugin/blob/cfe6f77940b520500d8ef00be18b4ee24167b49f/assets/js/chart.js#L718C1-L718C31
https://github.com/wp-media/imagify-plugin/blob/cfe6f77940b520500d8ef00be18b4ee24167b49f/assets/js/chart.js#L1736
Then compile the js again and check for potential issues.
If time allows, we should refactor it by adding chart.js to the node dependencies and importing it inside the chart.js file.
Then set up the window.imagify using the values exported by chartjs.
Effort S
PS: S for the high potential of issues, because we are passing from 2.xx to 4.xx
Seems good to me. Like you said, we need to pay attention to potential issues that will be caused by the major version upgrade.
Describe the bug
We received a WordPress.org ticket for Imagify, regarding the current version of Chart.js used (2.7.1, which was released 6 years ago).
The user has done a web application penetration test which revealed a Prototype Pollution vulnerability, rated as critical on the NVD database.
[File location]: Imagify > assets > js > chart.js
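The update procedure discussed in this thread (replace the vendored file, keep the project-specific lines, move from 2.xx to 4.xx) can be backed by an automated check that runs after each manual update. The following is an added example, not code from the Imagify project: the function names, the two banner formats it parses, the sample file contents and the preserved line are assumptions constructed for illustration.

```javascript
// Added example: audit a vendored chart.js file after a manual update.
// Assumption: the version appears in the leading /*! ... */ banner, either as
// "Version: 2.7.1" (2.x-style banner) or "Chart.js v4.4.0" (newer-style banner).
function bannerVersion(source) {
  const banner = source.slice(0, 2048).match(/\/\*![\s\S]*?\*\//);
  if (!banner) return null;
  const m = banner[0].match(/(?:Version:\s*|Chart\.js\s+v)(\d+)\.(\d+)\.(\d+)/);
  return m ? m.slice(1, 4).map(Number) : null;
}

// requiredLines: the project-specific lines that must survive the update
// (the thread links three of them but does not quote them; callers supply them).
function auditVendoredChart(source, requiredLines, minMajor) {
  const problems = [];
  const version = bannerVersion(source);
  if (!version) {
    problems.push('no version banner found; cannot confirm the library version');
  } else if (version[0] < minMajor) {
    problems.push(`version ${version.join('.')} is below required major ${minMajor}`);
  }
  // Compare trimmed lines so re-indentation is not reported as a missing line.
  const present = new Set(source.split(/\r?\n/).map((l) => l.trim()));
  for (const line of requiredLines) {
    if (!present.has(line.trim())) problems.push(`missing preserved line: ${line.trim()}`);
  }
  return { version: version ? version.join('.') : null, ok: problems.length === 0, problems };
}

// Constructed sample inputs (not the plugin's real file contents).
const CUSTOM = ['window.imagify = window.imagify || {};']; // hypothetical preserved line
const oldFile = '/*!\n * Chart.js\n * Version: 2.7.1\n */\n' + CUSTOM[0] + '\n(function(){})();\n';
const newFileLostLine = '/*!\n * Chart.js v4.4.0\n */\n(function(){})();\n';
const newFileGood = '/*!\n * Chart.js v4.4.0\n */\n  ' + CUSTOM[0] + '\n(function(){})();\n';

for (const [name, src] of [['old', oldFile], ['lost', newFileLostLine], ['good', newFileGood]]) {
  console.log(name, JSON.stringify(auditVendoredChart(src, CUSTOM, 4)));
}
```

Run against the real file in CI, with the three linked lines passed as `requiredLines`, this fails the build if a later update silently drops them or reintroduces an old major version.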