Skip to content
This repository has been archived by the owner on Jul 9, 2022. It is now read-only.

[Snyk] Security upgrade plotly.js from 1.41.3 to 1.49.0 #9

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade plotly.js from 1.41.3 to 1.49.0 #9

wants to merge 8 commits into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

✨What is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		 No Proof of Concept
Commit messages
Package name: plotly.js The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

ktmud and others added 8 commits September 25, 2019 16:16
@ktmud
Add support for Vega and Vega-lite
e167d2b 
Vega and Vega-Lite allow users to specify a JSON configuration
to declaratively define a complex interactive visualization.

It could thoeretically become the foundation of many visualizations
we already have.

This commit adds integration with Vega and Vega-Lite, with a lot
of code borrowed from the official Vega Editor[1].

[1] https://vega.github.io/editor/
@ktmud
update package.json
8e1c0a4
@ktmud
Adding schema_filter and table_filter for Presto runner
24fa150 
And load schemas one by one. This should improve performance
for large Presto instances where a single schema may contain
thousands of tables.

Plus, in lower version of Presto, sometimes the old query will throw
"outputFormat should not be accessed from a null StorageFormat"
error (see prestodb/presto#6972). This change allows us to skip
this error and still return valid results.
@ktmud
Add an extras field for Presto getredash#3909
46a8851 
This makes it possible to allow arbitrary connection parameters
that are not stored as configuration field.

Also extended Dynamic Forms to allow JSON validation.
@ktmud
Invalid JSON Must be discarded
129cac8
@ktmud
Merge branch 'vega'
a59ce79
@snyk-bot @ktmud
fix: package.json & package-lock.json to reduce vulnerabilities
9065f18 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
@snyk-bot @ktmud
fix: package.json & package-lock.json to reduce vulnerabilities
4d326c6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
@ktmud ktmud force-pushed the master branch 2 times, most recently from a3336ce to 5afd055 Compare August 14, 2020 06:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @ktmud