qaboard icon indicating copy to clipboard operation
qaboard copied to clipboard
verified publisher icon Samsung

[Snyk] Security upgrade plotly.js from 2.8.3 to 2.25.2

Open arthur-flam opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webapp/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-PLOTLYJS-6142157		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: plotly.js The new version differs by 250 commits.
  • e824199 2.25.2
  • 920a50e update readme and changelog for v2.25.2
  • 27932d6 Merge pull request #6705 from plotly/reduce-flakiness
  • 0249840 Merge pull request #6704 from plotly/nestedProperty-proto
  • a4a69d5 reduce flakiness on CI
  • a860a32 Merge pull request #6690 from Mkranj/croatian_translation
  • 5cfbd6e add test
  • 2bec998 guard against polluting __proto__ in nestedProperty
  • 5efd2a1 Merge pull request #6703 from plotly/expandObjectPaths-proto
  • e1e3175 fix delay in test
  • cf5c623 skip all __ keys instead of only __proto__
  • 0dcb1f7 Update test/jasmine/tests/animate_test.js
  • 4474ca8 Update test/jasmine/tests/animate_test.js
  • ec7ff52 ensure __proto__ is not polluted in expandObjectPaths
  • 33a2f16 add tests
  • 60848e9 Linter fix: spaces before values, no tabs
  • bb4a1f7 2.25.1
  • 0f97efe update readme and changelog for v2.25.1
  • f4baaf6 Merge pull request #6695 from plotly/fix6694-legend-update
  • fd11108 do not return with empty legend items to clear old legends
  • 2d5d685 No thousands separator
  • 4c1ddcf Improve fence translastions and app names
  • a072565 Improve "zoom" translation
  • 106ab2b Improve "reset" and "trace" translations

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

arthur-flam avatar Jan 04 '24 01:01 arthur-flam