Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade plotly.js from 1.58.5 to 2.25.2 #25

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade plotly.js from 1.58.5 to 2.25.2 #25

wants to merge 1 commit into from

Conversation

jfuginay
Copy link

@jfuginay jfuginay commented Jan 4, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-PLOTLYJS-6142157		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: plotly.js The new version differs by 250 commits.
  • e824199 2.25.2
  • 920a50e update readme and changelog for v2.25.2
  • 27932d6 Merge pull request #6705 from plotly/reduce-flakiness
  • 0249840 Merge pull request #6704 from plotly/nestedProperty-proto
  • a4a69d5 reduce flakiness on CI
  • a860a32 Merge pull request #6690 from Mkranj/croatian_translation
  • 5cfbd6e add test
  • 2bec998 guard against polluting __proto__ in nestedProperty
  • 5efd2a1 Merge pull request #6703 from plotly/expandObjectPaths-proto
  • e1e3175 fix delay in test
  • cf5c623 skip all __ keys instead of only __proto__
  • 0dcb1f7 Update test/jasmine/tests/animate_test.js
  • 4474ca8 Update test/jasmine/tests/animate_test.js
  • ec7ff52 ensure __proto__ is not polluted in expandObjectPaths
  • 33a2f16 add tests
  • 60848e9 Linter fix: spaces before values, no tabs
  • bb4a1f7 2.25.1
  • 0f97efe update readme and changelog for v2.25.1
  • f4baaf6 Merge pull request #6695 from plotly/fix6694-legend-update
  • fd11108 do not return with empty legend items to clear old legends
  • 2d5d685 No thousands separator
  • 4c1ddcf Improve fence translastions and app names
  • a072565 Improve "zoom" translation
  • 106ab2b Improve "reset" and "trace" translations

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@snyk-bot
fix: package.json to reduce vulnerabilities
5a0bbf6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PLOTLYJS-6142157
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@jfuginay @snyk-bot