Update dependency chart.js to v2.9.4 [SECURITY] - abandoned #7
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.7.3
->2.9.4
GitHub Vulnerability Alerts
CVE-2020-7746
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
Release Notes
chartjs/Chart.js
v2.9.4
Compare Source
This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.
Bugs Fixed
merge
target, to prevent prototype pollutionv2.9.3
Compare Source
Bug Fixes
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@kurkle, @benmccann, and @etimberg).
v2.9.2
Compare Source
Bug Fixes
Performance
Documentation
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
v2.9.1
Compare Source
Bug Fixes
scale.getDecimalForPixel
to the chart areaDocumentation
Development
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
v2.9.0
Compare Source
Breaking changes
helpers._decimalPlaces
is now privateEnhancements
dataset.order
autoSkip
aware of major ticksoffsetGridLines
is truespanGaps
in radar chartspointStyle
image[start, end]
)min
andmax
in standard mannerPerformance
helpers.each
ticks.sampleSize
optionticks.source:'labels'
helpers.each
with for-loopscore.layout
getScaleForId()
calls in the line controllerhelpers.extend
Bug Fixes
autoSkip
is enabledzeroLineIndex
is definedtoExponential
between 0 and 20. Thanks @veggiesaurusgetValueForPixel
in time scalelineTension
tick.major
intickFormatFunction
determineUnitForFormatting
floating point errorticks.minor
andticks.major
issueshelpers.almostWhole
Documentation
elements.arc.angle
in documentationticks.display
and addpointLabels.display
cubicInterpolationMode
andfill
. Thanks @stockiNailDevelopment
autoSkip
inupdate
helpers.math._factorize
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
v2.8.0
: Version 2.8.0Compare Source
Documentation: http://www.chartjs.org/docs/2.8.0/
Deprecations
Chart.{Type}
classesconfigMerge
andscaleMerge
helpersEnhancements
minBarLength
option for bar chart. Thanks @adubereverse
support to time scaleonLeave
callback to legend. Thanks @jonrimmerIssues Fixed
offsetGridLine
behavior with a single data pointdata.labels
lineWidth
as an arraynew Number()
is correctly handledstepSize
innerHTML
usage from our DOM platformafterBuildTicks
scale.pointLabels.lineHeight
andscale.ticks.lineHeight
optionsautoSkip
istrue
ticks.reverse
issuegetRightValue
to number in bar chartfitWithPointLabels
calculation in radial linear scalexLabel
andyLabel
withlabel
andvalue
usePointStyle
istrue
. Thanks @alfiehdinsertElements
getArea
implementation for horizontal barsaddEventListener
andremoveEventListener
dataset.data
arraysDocumentation
aspectRatio
property. Thanks @danielcb29parser
instead of the deprecatedformat
option. Thanks @Niladri24duttapadding
option. Thanks @JEphronchartjs-plugin-colorschemes
barThickness
. Thanks @jedrekdomanskiomi-chart
to the doc. Thanks @dntzhangChart.min.js
in samplesmaintainAspectRatio
. Thanks @janelledementpointBackgroundColor
in radar samplechartjs-plugin-crosshair
. Thanks @AbelHeinsbroekchartjs-plugin-rough
Development
*.js
test fixture configs.editorconfig
file to include newlines at EOF. Thanks @jtagschererChart.controllers.*
importablegulp-connect
and add jsdelivr/unpkg pathshelpers.options.resolve
removeResizeListener
. Thanks @DanielRufThanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
More details in the release PR: #6092
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.