Update dependency chart.js to ~2.9.0 [SECURITY] #538
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
~2.6.0
->~2.9.0
GitHub Vulnerability Alerts
CVE-2020-7746
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
Release Notes
chartjs/Chart.js
v2.9.4
Compare Source
This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.
Bugs Fixed
merge
target, to prevent prototype pollutionv2.9.3
Compare Source
Bug Fixes
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@kurkle, @benmccann, and @etimberg).
v2.9.2
Compare Source
Bug Fixes
Performance
Documentation
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
v2.9.1
Compare Source
Bug Fixes
scale.getDecimalForPixel
to the chart areaDocumentation
Development
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
v2.9.0
Compare Source
Breaking changes
helpers._decimalPlaces
is now privateEnhancements
dataset.order
autoSkip
aware of major ticksoffsetGridLines
is truespanGaps
in radar chartspointStyle
image[start, end]
)min
andmax
in standard mannerPerformance
helpers.each
ticks.sampleSize
optionticks.source:'labels'
helpers.each
with for-loopscore.layout
getScaleForId()
calls in the line controllerhelpers.extend
Bug Fixes
autoSkip
is enabledzeroLineIndex
is definedtoExponential
between 0 and 20. Thanks @veggiesaurusgetValueForPixel
in time scalelineTension
tick.major
intickFormatFunction
determineUnitForFormatting
floating point errorticks.minor
andticks.major
issueshelpers.almostWhole
Documentation
elements.arc.angle
in documentationticks.display
and addpointLabels.display
cubicInterpolationMode
andfill
. Thanks @stockiNailDevelopment
autoSkip
inupdate
helpers.math._factorize
Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
v2.8.0
: Version 2.8.0Compare Source
Documentation: http://www.chartjs.org/docs/2.8.0/
Deprecations
Chart.{Type}
classesconfigMerge
andscaleMerge
helpersEnhancements
minBarLength
option for bar chart. Thanks @adubereverse
support to time scaleonLeave
callback to legend. Thanks @jonrimmerIssues Fixed
offsetGridLine
behavior with a single data pointdata.labels
lineWidth
as an arraynew Number()
is correctly handledstepSize
innerHTML
usage from our DOM platformafterBuildTicks
scale.pointLabels.lineHeight
andscale.ticks.lineHeight
optionsautoSkip
istrue
ticks.reverse
issuegetRightValue
to number in bar chartfitWithPointLabels
calculation in radial linear scalexLabel
andyLabel
withlabel
andvalue
usePointStyle
istrue
. Thanks @alfiehdinsertElements
getArea
implementation for horizontal barsaddEventListener
andremoveEventListener
dataset.data
arraysDocumentation
aspectRatio
property. Thanks @danielcb29parser
instead of the deprecatedformat
option. Thanks @Niladri24duttapadding
option. Thanks @JEphronchartjs-plugin-colorschemes
barThickness
. Thanks @jedrekdomanskiomi-chart
to the doc. Thanks @dntzhangChart.min.js
in samplesmaintainAspectRatio
. Thanks @janelledementpointBackgroundColor
in radar samplechartjs-plugin-crosshair
. Thanks @AbelHeinsbroekchartjs-plugin-rough
Development
*.js
test fixture configs.editorconfig
file to include newlines at EOF. Thanks @jtagschererChart.controllers.*
importablegulp-connect
and add jsdelivr/unpkg pathshelpers.options.resolve
removeResizeListener
. Thanks @DanielRufThanks to the maintainers and collaborators for their help to improve and test Chart.js (@nagix, @kurkle, @benmccann, @etimberg and @simonbrunel).
More details in the release PR: #6092
v2.7.3
: Version 2.7.3Compare Source
Documentation: http://www.chartjs.org/docs/2.7.3/
Enhancements
ticks.precision
option to linear scaleIssues Fixed
responsive: true
and Chart is hidden. Thanks @jcopperfieldDocumentation
Development
Chart.Animation/animations/Tooltip
importableChart.Scale/scaleService
importableMore details in the release PR: #5732
v2.7.2
: Version 2.7.2Compare Source
Documentation: http://www.chartjs.org/docs/2.7.2/
Enhancements
point.xRange
andpoint.yRange
performance. Thanks @fanthosIssues Fixed
time.unit
option to create default min/max for empty chart. Thanks @jcopperfieldChart.Ticks.formatters
Documentation
legendCallback
. Thanks @cameroncfDevelopment
Chart.layout(Service)
importableChart.plugins
importableChart.layout
toChart.layouts
package-lock.json
showLines
in scatter chart. Thanks @loicbourgoisMore details in the release PR: #5145
v2.7.1
: Version 2.7.1Compare Source
2.7.1 is a bug fix release and also includes numerous documentation improvements
Documentation: http://www.chartjs.org/docs/2.7.1/
Enhancements
beforeTooltipDraw
andafterTooltipDraw
to plugins. Thanks @JewelsJLFIssues Fixed
null
style. Thanks @Rydoriextend
andinherits
helpersDocumentation
Development
More details in the release PR: #4876
v2.7.0
: Version 2.7.0Compare Source
Version 2.7 brings better stability, and powerful new features to Chart.js. The bubble chart options are now completely scriptable. This means that you can pass a function to a bubble chart dataset property and have the function be called as needed. This simplifies array properties, and allows quick and easy rendering changes based on data values. Check out the sample for details. If these options prove useful, they can be extended to other chart types in the future.
Building off the time scale rewrite in version 2.6, the time scale now supports options for configuring how labels generate ticks, how interpolation between the points is handled and the scale boundary strategy. Users can now configure ticks to be generated for each label, or be determined automatically from the data limits. Users can also change how ticks are distributed along the axis] to make non-linear time axes. Check out the sample for details.
Documentation: http://www.chartjs.org/docs/2.7.0/
Breaking Changes
2
to be consistent with other charts and are not square anymore by default. Use theaspectRatio: 1
option to restore the previous behaviour.Deprecations
unitStepSize
, usestepSize
instead.New Features
labelTextColor
callback. Thanks @apoorvasrinivasanmajor
unit options. Thanks @hurskiy-andriydevicePixelRatio
option. Thanks @OlduwanSteveaxis: 'x', 'y', 'xy'
options.distribution
andticks.source
options.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.