[Snyk] Security upgrade recharts from 1.0.0-beta.10 to 2.3.0 #75

Open: wants to merge 1 commit into base: master

iftiali (Owner) commented Jan 12, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • client/package.json
    • client/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-D3COLOR-1076592 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: recharts
The new version differs by 250 commits.
  • e71d83c 2.3.0
  • 1216e06 fix: cartesian utils unit test, remove demo,src from files array
  • bcb199c fix: d3 security vulnerability in d3-color
  • 85f7c81 chore: add npm publish action (#3166)
  • 447fd7a test: add jest coverage, differentiate jest and karma envs to fix errors (#3164)
  • a290cfa fix: area chart test part3 (#3163)
  • 90ed7e7 refactor(ReactUtils): findByType – use generic to have a better return type
  • da9e913 chore(gitignore): add .vscode
  • cc78f8c fix(ChartUtils): appendOffsetOfLegend – correct verticalAlign match to “middle”
  • 21b923a fix: area chart test migration follow up (#3161)
  • 0d82154 LineChart.spec jest migration (#3141)
  • 3214d14 refactor(ResponsiveContainer): improve performance memoizing internal variables
  • fe8f758 test(JestMigration): convert ResponsiveContainer (closes #3156)
  • 518b4b1 JestMigration: Label and LabelList (#3154)
  • 9b83399 Jest Migration: ChartUtils (#3148)
  • 8db8edf fix: migrate area chart test to typescript (#3151)
  • 81d271b test(JestMigration): convert FunnelChart (closes #3127) (#3153)
  • f4f9607 Jest Migration: Cell (#3150)
  • 08f405e Jest Migration: util/DataUtils (#3134) (#3147)
  • 287552f Jest Migration: util/CartesianUtils (#3145)
  • 81f08fc chore(deps-dev): remove unused dependencies (#3144)
  • c07f762 AreaChart: Respect baseValue of AreaChart, but allow override from Area (#3140)
  • 2e8dffd test(ShallowEqual): convert test using jest (#3143)
  • 787f041 test(jest): remove console error and warn from stdout in LogUtils and ReactUtils (#3142)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
