Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[Snyk] Upgrade: apexcharts, babel-loader, fusioncharts #971

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Sheitak
Copy link
Owner

@Sheitak Sheitak commented Sep 16, 2024

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

apexcharts
from 3.19.2 to 3.52.0 | 70 versions ahead of your current version | a month ago
on 2024-08-05
babel-loader
from 8.1.0 to 8.3.0 | 7 versions ahead of your current version | 2 years ago
on 2022-11-03
fusioncharts
from 3.15.2 to 3.23.0 | 10 versions ahead of your current version | 6 months ago
on 2024-03-21

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AJV-584908
490 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
490 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370
490 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JS-APEXCHARTS-1062708
490 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-APEXCHARTS-1300579
490 Proof of Concept
Release notes
Package name: apexcharts
  • 3.52.0 - 2024-08-05

    What's Changed

    • fix #1339; tooltip.enabledOnSeries bugfix in irregular time series
    • fix #4600; show percentage in 100% stacked bar chart
    • fix #4067; incorrect x-axis labels for numeric x-axis for small dataset
    • fixes #4579; heatmap legend color issue
    • feat(ci): added continuous integration tests by @ Sebastian-Webster in #4577
    • Add null checks on gridRect to avoid safari error by @ Nikkitory in #4599

    New Contributors

    Full Changelog: v3.51.0...v3.52.0

  • 3.51.0 - 2024-07-21

    What's Changed

    ✨ More marker shapes

    hswil69ah

    Full Changelog: v3.50.0...v3.51.0

  • 3.50.0 - 2024-07-05

    What's Changed

    • Refactor markers code for generating new markers shapes (plus, cross, line)
    Screenshot 2024-07-05 at 11 27 12 PM

    New Contributors

    Full Changelog: v3.49.2...v3.50.0

  • 3.49.2 - 2024-06-25

    What's Changed

    New Contributors

    Full Changelog: v3.49.1...v3.49.2

  • 3.49.1 - 2024-05-12

    🆕 Enhancements

    basic-slope-chart

    🐞 Bug fixes

    • Fix issue #4216: grid padding calculation to support array of stroke widths, thanks @ veryinsanee
    • Fix heatmap yaxis offset #2033, thanks @ cart-before-horse
    • FIx types (yaxis.seriesName as an Array), thanks @ j2ghz
    • Remove redundant graphics.move() from end of lower rangeArea paths. - thanks @ rosco54
    • Fix #4386; pie chart size issue when given in percentage
    • Fix #3827 - y-axis tooltip value in reversed
    • Fix #4348 - dumbbell chart fix for timescale xaxis
    • Fix #2251 - pie chart dataPointIndex when clicked
    • Fix #4206 - datalabels in timeline chart
    • Revert PR #4240
  • 3.49.0 - 2024-04-21

    🐞 Bug fixes

    • Fix gradient fill glitches for series with nulls - by @ rosco54
    • Fix point annotation still visible when referenced series is collapsed. - by @ rosco54
    • Additional fixes for indexing errors using yaxis-series mappings after - by @ rosco54
    • Fixed Issue #3525. - by @ rosco54
    • added color evaluation function in Bar.js under stroke property - by @ Digvijayrao-KF
    • Radar chart bugfix #4371
    • Update zh-tw.json - by @ iblislin
    • Fixed #4402 by @ rosco54
  • 3.48.0 - 2024-03-19

    🆕 Enhancements

    • Provide a "step before" version of the current "step after" line chart; Fixes #4313
    • Use ShadowRoot getElementById() when in ShadowDOM; Thanks @ cyraid

    🐞 Bug fixes

    • Fixes #4323 (multiple y-axis scale fixes for backward compatibility)
    • Zoomed scale fixes - In zoomed charts, ensure the Y axis scale fits the full min..max range of Y values
    • Fix css nonce attribute
    • Improve grid-rect to prevent bar overflowing on x-axis
    • When chart is type 'bar', ensure reference to zero is maintained
    • Fixes #2757 (annotation overflow)
    • Fixes #3073 (annotation overflow)
    • Fixes #3421 (annotation overflow)
    • Fixes #3553 (annotation overflow)
    • Fixes #4081 (x-axis annotation fix in sparkline)

    Thanks @ rosco54 for multiple y-axis scale fixes

  • 3.47.0 - 2024-03-08

    🆕 Enhancements

    • Map multiple series to the same y-axis scales (in a multi-axes chart) - fixes #4237

    🐞 Bug fixes

    • Area chart gradient drawing glitch; fixes #4271
    • Point annotation fix when y-axis is not present (in case of sparkline or hidden y-axis)
    • When chart is type 'bar', ensure reference to zero is maintained

    Thanks @ rosco54 for y-axis scale improvements

  • 3.46.0 - 2024-02-17

    🆕 Enhancements

    • Improve the y-axis scale tick generation - Thanks @ rosco54
    • Added "+" and "x" markers - Thanks @ MiguelsPizza
    • Add Belarusan cyrilic and latin locale - Thanks @ hrynko

    🐞 Bug fixes

    • Fix #4167 - shadow bug in multi-series chart
    • Fix #4242 - allow labels with Invalid text
  • 3.45.2 - 2024-01-21

    🆕 Enhancements

    • Update pt.json - Thanks @ artur309
    • Add border-radius to treemap; fixes #4170

    🐞 Bug fixes

    • Fix the range-bar drawing bug when the value is 0
    • Discard initialXRatio in normal category bar charts - fixes #4134
    • Bring back original curve: smooth option for stroke as multiple people reported issues with monotoneCubic curve.
  • 3.45.1 - 2023-12-22
  • 3.45.0 - 2023-12-15
  • 3.44.2 - 2023-12-05
  • 3.44.1 - 2023-12-03
  • 3.44.0 - 2023-10-17
  • 3.43.2-0 - 2023-10-12
  • 3.43.0 - 2023-09-30
  • 3.42.0 - 2023-08-25
  • 3.41.1 - 2023-07-31
  • 3.41.0 - 2023-06-07
  • 3.40.0 - 2023-04-30
  • 3.39.0 - 2023-04-16
  • 3.38.0 - 2023-04-14
  • 3.37.3 - 2023-04-02
  • 3.37.2 - 2023-03-21
  • 3.37.1 - 2023-02-22
  • 3.37.0 - 2023-02-04
  • 3.36.3 - 2022-11-05
  • 3.36.2 - 2022-11-05
  • 3.36.1 - 2022-11-03
  • 3.36.0 - 2022-10-12
  • 3.35.5 - 2022-08-22
  • 3.35.4 - 2022-07-25
  • 3.35.3 - 2022-05-25
  • 3.35.2 - 2022-05-08
  • 3.35.1 - 2022-05-07
  • 3.35.0 - 2022-03-31
  • 3.34.0 - 2022-03-29
  • 3.33.2 - 2022-03-02
  • 3.33.1 - 2022-02-08
  • 3.33.0 - 2022-01-11
  • 3.32.1 - 2021-12-23
  • 3.32.0 - 2021-12-06
  • 3.31.0 - 2021-11-28
  • 3.30.0 - 2021-11-13
  • 3.29.0 - 2021-10-10
  • 3.28.3 - 2021-09-16
  • 3.28.2 - 2021-09-16
  • 3.28.1 - 2021-08-24
  • 3.27.3 - 2021-07-22
  • 3.27.2 - 2021-07-07
  • 3.27.1 - 2021-06-06
  • 3.27.0 - 2021-06-06
  • 3.26.3 - 2021-05-18
  • 3.26.2 - 2021-05-09
  • 3.26.1 - 2021-04-18
  • 3.26.0 - 2021-03-15
  • 3.25.0 - 2021-02-14
  • 3.24.0 - 2021-01-30
  • 3.23.1 - 2020-12-29
  • 3.23.0 - 2020-12-15
  • 3.22.3 - 2020-12-06
  • 3.22.2 - 2020-11-08
  • 3.22.1 - 2020-11-01
  • 3.22.0 - 2020-10-03
  • 3.21.0 - 2020-09-20
  • 3.20.2 - 2020-09-10
  • 3.20.1 - 2020-09-08
  • 3.20.0 - 2020-07-31
  • 3.19.3 - 2020-06-26
  • 3.19.2 - 2020-05-19
from apexcharts GitHub release notes
Package name: babel-loader from babel-loader GitHub release notes
Package name: fusioncharts
  • 3.23.0 - 2024-03-21

    Merge pull request #64 from fusioncharts/release/3.23.0

    publishing v3.23.0

  • 3.23.0-rc.1 - 2024-03-18
  • 3.21.1 - 2023-10-05
  • 3.21.0 - 2023-09-28
  • 3.20.0 - 2023-03-21
  • 3.19.0 - 2022-08-01
  • 3.18.0 - 2021-09-20
  • 3.17.0 - 2021-04-29
  • 3.16.0 - 2020-12-10
  • 3.15.3 - 2020-09-13
  • 3.15.2 - 2020-07-13
from fusioncharts GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"apexcharts","from":"3.19.2","to":"3.52.0"},{"name":"babel-loader","from":"8.1.0","to":"8.3.0"},{"name":"fusioncharts","from":"3.15.2","to":"3.23.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-RAMDA-1582370","issue_id":"SNYK-JS-RAMDA-1582370","priority_score":490,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-APEXCHARTS-1062708","issue_id":"SNYK-JS-APEXCHARTS-1062708","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},...

Snyk has created this PR to upgrade:
  - apexcharts from 3.19.2 to 3.52.0.
    See this package in npm: https://www.npmjs.com/package/apexcharts
  - babel-loader from 8.1.0 to 8.3.0.
    See this package in npm: https://www.npmjs.com/package/babel-loader
  - fusioncharts from 3.15.2 to 3.23.0.
    See this package in npm: https://www.npmjs.com/package/fusioncharts

See this project in Snyk:
https://app.snyk.io/org/sheitak/project/9664de24-130d-4b04-8847-d3ba8c186ef5?utm_source=github&utm_medium=referral&page=upgrade-pr
# for free to join this conversation on GitHub. Already have an account? # to comment