Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency chart.js to v2.9.4 [SECURITY] - abandoned #121

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 15, 2021

Mend Renovate

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
chart.js 2.7.3 -> 2.9.4 age adoption passing confidence
chart.js (source) dependencies minor 2.7.3 -> 2.9.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-7746

This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.


Release Notes

chartjs/Chart.js

v2.9.4

Compare Source

This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.

Bugs Fixed

v2.9.3

Compare Source

Bug Fixes

  • #​6698 Fix undefined variable
  • #​6719 Don't make legend empty when fill is false

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​kurkle, @​benmccann, and @​etimberg).

v2.9.2

Compare Source

Bug Fixes

  • #​6641 IE11 & Edge compatible style injection
  • #​6655 Backwards compatible default fill for radar charts
  • #​6660 Improve clipping of line charts when border widths are large
  • #​6661 When a legend item is clicked, make sure the correct item is hidden
  • #​6663 Refresh package-lock file to pick up new dependency

Performance

  • #​6671 Stop unnecessary line calculations

Documentation

  • #​6643 Combine performance documentation sections

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​nagix, @​kurkle, @​benmccann, @​etimberg and @​simonbrunel).

v2.9.1

Compare Source

Bug Fixes

  • #​6603 Fix deprecation warnings for horizontal bar charts
  • #​6608 Fix zoom plugin by no longer clipping scale.getDecimalForPixel to the chart area
  • #​6617 Non numeric Y axes did not work

Documentation

  • #​6613 Add link to performance documentation

Development

  • #​6609 - Tests no longer use deprecated options

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​nagix, @​kurkle, @​benmccann, @​etimberg and @​simonbrunel).

v2.9.0

Compare Source

Breaking changes

Enhancements

Performance

Bug Fixes

Documentation

Development

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​nagix, @​kurkle, @​benmccann, @​etimberg and @​simonbrunel).

v2.8.0: Version 2.8.0

Compare Source

Documentation: http://www.chartjs.org/docs/2.8.0/

Deprecations

  • #​5868 Deprecate Chart.{Type} classes
  • #​6022 Deprecate configMerge and scaleMerge helpers

Enhancements

  • #​5741 Add minBarLength option for bar chart. Thanks @​adube
  • #​5780 Bar options are now scriptable
  • #​5841 Draw inner border for arc elements
  • #​5850 Add support for gridLines/angleLines borderDash for polar area and radar charts
  • #​5855 Moved drawing of radial lines before drawing the tick labels. Thanks @​fhp
  • #​5885 Add support for hiding axis when all datasets are hidden. Thanks @​davesalomon
  • #​5905 Add support for typed arrays
  • #​5908 Add midpoint interpolation to stepped line. Thanks @​veggiesaurus
  • #​5927 Add reverse support to time scale
  • #​5938 Improve tick generation for linear scales
  • #​5951 New weight option for pie and doughnut charts
  • #​5960 Implement adapter to abstract date/time features
  • #​5966 Doughnut options are now scriptable
  • #​5973 Line options are now scriptable
  • #​5976 Polar area options are now scriptable
  • #​5978 Make moment optional from our UMD builds
  • #​5982 Remove date auto type conversions
  • #​6019 Improve time scale performances
  • #​6041 Radar options are now scriptable
  • #​6048 Move CSS in a separate file to be CSP-compliant
  • #​6059 Add onLeave callback to legend. Thanks @​jonrimmer
  • #​6077 Allow configuration of borderWidth as object
  • #​6105 Optimize the npm package by removing useless files

Issues Fixed

  • #​5331 Make animation duration consistent across browsers. Thanks @​serhii-yakymuk
  • #​5609 Fix offsetGridLine behavior with a single data point
  • #​5750 Ensure that the time scale safely accesses data.labels
  • #​5751 Handle axis lineWidth as an array
  • #​5752 Ensure that new Number() is correctly handled
  • #​5776 Fix legend layout padding at the start of columns. Thanks @​jtagscherer
  • #​5786 Support decimal stepSize
  • #​5790 Add error margin for detecting if a point or line is in the chart area
  • #​5816 Fix legend item layout issue
  • #​5828 Improve shadow root detection. Thanks @​karaxuna
  • #​5846 Correct calculation of padding in percent. Thanks @​chtheis
  • #​5848 Fix radial scale topmost tick label and the bottom of the chart area that were cut off
  • #​5857 Fix nearest interaction mode
  • #​5858 Adjust the size of rectRounded/rectRot points to fit the circle with pointRadius
  • #​5865 Support CanvasGradient for hover colors
  • #​5869 Tooltip support for CanvasPattern and CanvasGradient
  • #​5880 Fix the rounding issue of floating point numbers in category scale
  • #​5884 Remove gaps on the left and right when the axis offset is set to true
  • #​5891 Remove autoSkip logic to always display last tick. Thanks @​sgray
  • #​5909 Remove innerHTML usage from our DOM platform
  • #​5913 Re-allow modifying ticks in afterBuildTicks
  • #​5914 Add scale.pointLabels.lineHeight and scale.ticks.lineHeight options
  • #​5920 Return correct label for value type axis
  • #​5922 Properly calculate space needed by tick label when autoSkip is true
  • #​5925 Align title, body and footer inside tooltip
  • #​5933 Fix time scale ticks.reverse issue
  • #​5936 Fix "RangeError" exception when labels are big (>125000). Thanks @​ckyycc
  • #​5937 Prevent Bezier points from being capped when a data point is off the chart
  • #​5947 Cast getRightValue to number in bar chart
  • #​5948 Fix ticks generation when working with tiny numbers
  • #​5963 Fix fitWithPointLabels calculation in radial linear scale
  • #​5996 Replace tooltip item xLabel and yLabel with label and value
  • #​6006 Enhance legend label color point when usePointStyle is true. Thanks @​alfiehd
  • #​6007 Prevent drawing radial linear scale twice
  • #​6008 Supply correct start parameter to insertElements
  • #​6011 Prevent infinite resize when vertical scrollbar appears
  • #​6021 Fix padding of horizontal axes when labels are rotated
  • #​6027 Provide a rectangle getArea implementation for horizontal bars
  • #​6046 Rename addEventListener and removeEventListener
  • #​6058 Ignore invalid log scale min and max
  • #​6060 Handle frozen dataset.data arrays
  • #​6063 Fix responsive resize on RTL page

Documentation

Development

  • #​5624 Radar code cleanup
  • #​5777 Support *.js test fixture configs
  • #​5794 Remove dead code from the gulpfile. Thanks @​HendrikRoehm
  • #​5827 Change .editorconfig file to include newlines at EOF. Thanks @​jtagscherer
  • #​5833 Use the pixel comparer for logarithmic tests. Thanks @​jtagscherer
  • #​5840 Upgrade dev dependencies to reduce vulnerabilities
  • #​5842 Use short labels for the legend tests so as not to be affected by the font width
  • #​5871 Make Chart.controllers.* importable
  • #​5872 Fix test failures on Windows
  • #​5875 Remove gulp-connect and add jsdelivr/unpkg paths
  • #​5904 Migrate from Browserify to rollup
  • #​5953 Cleanup scales export for better import strategy
  • #​5965 Refactoring using helpers.options.resolve
  • #​5967 Update controller.scatter.test.js to test default tooltip callbacks. Thanks @​MadRussian
  • #​5969 Make the main controller importable
  • #​5970 Remove unused parameter when calling removeResizeListener. Thanks @​DanielRuf
  • #​5991 Trigger mouse events at the center of arc
  • #​5994 _resolveElementPoint utility for triggerMouseEvent
  • #​6005 Common logic for resolving element options
  • #​6017 Fix typo in comment
  • #​6032 Replace deprecated gulp-util and remove unused watchify
  • #​6033 Use lowercase for primitives in jsdocs
  • #​6040 Remove unused ESLint directive
  • #​6043 Autoskip cleanup
  • #​6061 Fix randomly failing tooltip test

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​nagix, @​kurkle, @​benmccann, @​etimberg and @​simonbrunel).

More details in the release PR: #​6092


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title Update dependency chart.js to 2.9.4 [SECURITY] Update dependency chart.js to v2.9.4 [SECURITY] Mar 7, 2022
@renovate
Copy link
Author

renovate bot commented Mar 24, 2023

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot changed the title Update dependency chart.js to v2.9.4 [SECURITY] Update dependency chart.js to v2.9.4 [SECURITY] - abandoned Apr 17, 2023
@renovate
Copy link
Author

renovate bot commented Apr 17, 2023

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant