[Snyk] Upgrade chart.js from 2.8.0 to 2.9.4

[snyk-bot]

Snyk has created this PR to upgrade chart.js from 2.8.0 to 2.9.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2020-10-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-CHARTJS-1018716	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: chart.js

• 2.9.4 - 2020-10-18
  

  This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.

  Bugs Fixed

  • #7404 - Preserve prototypes when cloning. Thanks @ iddings
  • #7587 - Fix docs for external moment.js. Thanks @ mojoaxel
  • #7853 - Fix box recursion when dimensions are NaN. Thanks @ alessandroasm
  • #7883 - Fix call stack exception when computing label sizes. Thanks @ silentmatt
  • #7918 - Prevent global prototype pollution via the merge helper
  • #7920 - Use Object.create(null) as merge target, to prevent prototype pollution
• 2.9.3 - 2019-11-14
  

  Bug Fixes

  • #6698 Fix undefined variable
  • #6719 Don't make legend empty when fill is false

  Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ kurkle, @ benmccann, and @ etimberg).

• 2.9.2 - 2019-11-02
  

  Bug Fixes

  • #6641 IE11 & Edge compatible style injection
  • #6655 Backwards compatible default fill for radar charts
  • #6660 Improve clipping of line charts when border widths are large
  • #6661 When a legend item is clicked, make sure the correct item is hidden
  • #6663 Refresh package-lock file to pick up new dependency

  Performance

  • #6671 Stop unnecessary line calculations

  Documentation

  • #6643 Combine performance documentation sections

  Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ nagix, @ kurkle, @ benmccann, @ etimberg and @ simonbrunel).

• 2.9.1 - 2019-10-27
  

  Bug Fixes

  • #6603 Fix deprecation warnings for horizontal bar charts
  • #6608 Fix zoom plugin by no longer clipping scale.getDecimalForPixel to the chart area
  • #6617 Non numeric Y axes did not work

  Documentation

  • #6613 Add link to performance documentation

  Development

  • #6609 - Tests no longer use deprecated options

  Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@ nagix, @ kurkle, @ benmccann, @ etimberg and @ simonbrunel).

• 2.9.0 - 2019-10-26
• 2.8.0 - 2019-03-14

from chart.js GitHub release notes

Commit messages

Package name: chart.js

• 1d92605 Use Object.create(null) as `merge` target (infernalis: PK11_DestroyContext() is called twice if PK11_DigestFinal() fails ceph/ceph#7920)
• dff7140 When objects are merged together, the target prototype can be polluted. (Wip rgw payer yehuda ceph/ceph#7918)
• d919188 Bump verison number to v2.9.4
• 42ed589 Fix Maximum call stack size exception in computeLabelSizes (hammer: osd: use GMT time for the object name of hitsets ceph/ceph#7883)
• 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (osd: can only reduce the weight of osd, the use of "ceph osd reweight… ceph/ceph#7853)
• 2493cb5 Use node v12.18.2 on Travis CI (librados: race condition on aio_notify completion handling ceph/ceph#7864)
• 679ec4a docs: fix rollup external moment (memstore: fix alignment of Page for test_pageset ceph/ceph#7587)
• 484f0d1 Preserve object prototypes when cloning (rbd_fuse:replaced pthread_mutex*() functions with ceph Mutex wrapper ceph/ceph#7404)
• 2df6986 Look for any branch starting with release (mon: add RAW USED column to ceph df detail ceph/ceph#7087) (fs: fix unclosed formatter session ceph/ceph#7089)
• 26ea9f0 Update version number to 2.9.3 (Use --cluster instead of -c so metavariables are substituted correctly (pedantic) ceph/ceph#6725)
• a307a2a Don't make legend empty when fill is false (tools: Fix layout handing in cephfs-data-scan (#13898) ceph/ceph#6719)
• c44229f Fix undefined variable (Auth crash fix ceph/ceph#6698)
• a985fec Stop unnecessary line calculations (Fix Jenkins make check errors due to deep-scrub randomization ceph/ceph#6671)
• 1cce8a5 Backward compatible default `fill` for radar charts (tools: add cephfs-table-tool 'take_inos' ceph/ceph#6655)
• a920bfe Hide correct dataset from legend (cls/cls_rbd.cc: fix misused metadata_name_from_key ceph/ceph#6661)
• 201fe46 Versatile clipping for lines (mon/PGMonitor: max avail is 0 if some OSD's weight is 0 ceph/ceph#6660)
• ad26311 Refresh package-lock to pick up new version of chartjs-colors (rgw: create a unique zone pool names ceph/ceph#6663)
• 8abfbcb Update version number to v2.9.2 (rbd-nbd: network block device (NBD) support for RBD  ceph/ceph#6657)
• 45550ed Combine performance docs (rgw: add support for Static Large Objects of Swift API ceph/ceph#6643)
• 65421bb Use `document` when `getRootNode` is unsupported ([OSD] Wip log alloc predictor (improvement) ceph/ceph#6641)
• a92dd7b Release v2.9.1 (osd: MOSDRepOp and pg_log_entry_t optimization ceph/ceph#6618)
• 26b9d1f Merge pull request mon: don't require OSD W for MRemoveSnaps ceph/ceph#6601 from chartjs/master
• ea100d4 Bump version number to 2.9.0 (mon: allow mds profile to OSD write ceph/ceph#6600)
• 333118b Hover styling for dataset in 'dataset' mode (hammer: rgw: missing handling of encoding-type=url when listing keys in bucket ceph/ceph#6527)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs