[Snyk] Upgrade: canvas,

[A-K-O-R-A]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

canvas
from 2.10.0 to 2.11.2 | 5 versions ahead of your current version | a year ago
on 2023-04-02
@discord-card/core
from 3.0.1 to 3.2.0 | 2 versions ahead of your current version | a year ago
on 2023-03-27

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482	Proof of Concept

Release notes

Package name: canvas

• 2.11.2 - 2023-04-02
• 2.11.1 - 2023-04-02
• 2.11.0 - 2022-12-22
  

  Fixed

  • Replace triple-slash directive in types with own types to avoid polluting TS modules with globals (#1656)
• 2.10.2 - 2022-10-30
  

  Fixed

  • Fix Assertion failed: (object->InternalFieldCount() > 0), function Unwrap, file nan_object_wrap.h, line 32. (#2025)
  • textBaseline and textAlign were not saved/restored by save()/restore(). (#1936)
  • Update nan to v2.17.0 to ensure Node.js v18+ support.

  Changed

  • Improve performance and memory usage of save()/restore().
  • save()/restore() no longer have a maximum depth (previously 64 states).
• 2.10.1 - 2022-09-07
  

  Fixed

  • Fix actualBoundingBoxLeft and actualBoundingBoxRight when textAlign='center' or 'right' (#1909)
  • Fix rgba(r,g,b,0) with alpha to 0 should parse as transparent, not opaque. (#2110)
• 2.10.0 - 2022-09-04
  

  Added

  • Export pangoVersion
  • ctx.roundRect()

  Fixed

  • rgba(r,g,b) with no alpha should parse as opaque, not transparent. (#2029)
  • Typo in PngConfig.filters types. (#2072)
  • createPattern() always used "repeat" mode; now supports "repeat-x" and "repeat-y". (#2066)
  • Crashes and hangs when using non-finite values in context.arc(). (#2055)
  • Incorrect context.arc() geometry logic for full ellipses. (#1808, (#1736))
  • Added missing deregisterAllFonts to the Typescript declaration file (#2096)
  • Add User-Agent header when requesting remote images (#2099)

from canvas GitHub release notes

Package name: @discord-card/core

• 3.2.0 - 2023-03-27
• 3.1.0 - 2023-03-27
• 3.0.1 - 2022-04-13

from @discord-card/core GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"canvas","from":"2.10.0","to":"2.11.2"},{"name":"","from":"discord-card/core","to":"discord-card/core"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":432,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"}],"prId":"70c5f792-1430-48ac-91bd-258ab21b2713","prPublicId":"70c5f792-1430-48ac-91bd-258ab21b2713","packageManager":"npm","priorityScoreList":[482,432],"projectPublicId":"0fb1e3f5-6a9f-483d-8404-d397604eddef","projectUrl":"https://app.snyk.io/org/a-k-o-r-a/project/0fb1e3f5-6a9f-483d-8404-d397604eddef?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-SEMVER-3247795","SNYK-JS-SEMVER-3247795","SNYK-JS-TAR-6476909"],"upgradeInfo":{"versionsDiff":5,"publishedDate":"2023-04-02T21:33:55.740Z"},"vulns":["SNYK-JS-SEMVER-3247795","SNYK-JS-SEMVER-3247795","SNYK-JS-TAR-6476909"]}'