[Snyk] Security upgrade @nivo/core from 0.70.1 to 0.83.1 #500

Open
wants to merge 1 commit into
base: master


crchong1
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nivo/core The new version differs by 250 commits.
  • 64f4a7d v0.83.1
  • 1d504ba feat(legends): export SymbolProps
  • abf9178 Removed unnecessary imports
  • a016564 Correct approach to truncate tick value + Unit tests
  • 3844571 truncateTickAt initial approach finished
  • ff73fab Adding rotation in animatedProps
  • 6fa5da4 Website new control for Axes on BarChart
  • 1898d3a rotateOnTickLength as optional
  • 9ecbc7f New AxisProps rotateTickOnLength with its corresponding Prop-types
  • d3e59cf fix(core): upgrade d3-interpolate and d3-scale-chromatic
  • e4a343f fix(timeRange): shiftArray should not mutate its argument (#2420)
  • 1620db2 fix(snapshots): fix tests due to the addition of text outline
  • cf87388 fix(deps): update lock file
  • 841f2d8 fix GitHub workflow badge URL
  • 2671ca4 fix(stream): fix stream diagram overflowing
  • c16adb4 feat/export responsive bar props
  • 2250a31 fix(arcLinkLabels): fix arcLinkLabelsOffset for pie chart (#2369)
  • 78d6d2a fix: waffle types missing from dist
  • fb958fe Use navigate from gatsby
  • 31ce26a fix(boxplot): included boxplot in monorepo tsconfig
  • 9045e5e fix: Lodash - use module imports
  • 0f0a926 feat(pie): add tests for gradients attribute
  • ce598c0 feat(parallel-coords): add support for text outline for axes
  • b82ad59 feat(parallel-coords): add support for a custom tooltip

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-D3COLOR-1076592