Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade echarts from 4.0.4 to 5.2.1 #75

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade echarts from 4.0.4 to 5.2.1 #75

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 541/1000
Why? Recently disclosed, Has a fix available, CVSS 5.1		 Prototype Pollution
SNYK-JS-ZRENDER-1586253		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: echarts The new version differs by 250 commits.
  • 1c70026 Merge pull request #15745 from apache/release-dev
  • 21d6317 release 5.2.1
  • 5ff6216 Merge pull request #15735 from apache/series-type-register
  • a11d9af feat(type): provide ability to extend series option
  • b29726d Merge pull request #15732 from apache/master
  • 6384acf Merge pull request #15731 from apache/fix-line-animation
  • 4824ada fix(line): fix animation is not stopped when direct update points.
  • 26e9a95 Merge pull request #15720 from apache/fix-legend-symbol-keep-aspect
  • 5d667ec Merge pull request #15722 from williamorim/ptBRlang
  • add3f76 chaging double quotes for single quotes
  • b98affc Adding pt-BR lang file
  • 6641951 Merge pull request #15683 from apache/fix-tooltip
  • 35e3511 fix(legend): add back symbolKeepAspect. optimize code logic.
  • 233d2a1 Merge pull request #15715 from apache/fix-test
  • 3bea75a test: optimize test cases for visual regression test
  • bdafcbc Merge pull request #15711 from apache/fix-line-gradient
  • fde66ec Merge pull request #15589 from apache/fix-polar
  • fc507c0 test(polar): update test case
  • d88f7cb Merge pull request #15712 from apache/axis-hide-overlap
  • 7dbf36c fix(time): add `axisLabel.hideOverlap`
  • 344b648 fix(line): soft clipping gradient.
  • 01bf5f1 Merge pull request #15706 from apache/fix-sunburst
  • dd1890b fix(sunburst): improve code
  • c5fcf82 fix(sunburst): radius in levels

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot