[Snyk] Upgrade plotly.js from 1.52.3 to 1.58.5

[chr0m1ng]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade plotly.js from 1.52.3 to 1.58.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 21 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2021-07-06.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary Code Execution SNYK-JS-STATICEVAL-173693	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution npm:static-eval:20171016	579/1000 Why? Has a fix available, CVSS 7.3	Mature
	Prototype Pollution SNYK-JS-MINIMIST-559764	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	579/1000 Why? Has a fix available, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	579/1000 Why? Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: plotly.js

• 1.58.5 - 2021-07-06
  

  Fixed

  • Fix to improve sanitizing href inputs for SVG and HTML text elements [#5803]
• 1.58.4 - 2020-12-21
  

  Fixed

  • Fix preserveDrawingBuffer WebGL config for displaying transparent gl3d scenes
    on Apple devices running latest Safari versions (v13 and higher) [#5351]
  • Fix spelling [#5349, #5356] with thanks to @ jbampton for the contribution!
• 1.58.3 - 2020-12-17
  

  Fixed

  • Fix autorange for inside tick label positions [#5332]
  • Fix "nonnegative" and "tozero" rangemode for inside tick label positions
    (regression introduced in 1.58.2) [#5331]
  • Fix missing categories and tick labels on react updates
    (regression introduced in 1.54.6) [#5345]
  • Fix to avoid "autoscale" error when axis autorange is set to false
    (regression introduced in 1.42.0) [#5336]
• 1.58.2 - 2020-12-09
• 1.58.1 - 2020-12-04
• 1.58.0 - 2020-12-02
• 1.57.1 - 2020-10-20
• 1.57.0 - 2020-10-15
• 1.56.0 - 2020-09-30
• 1.55.2 - 2020-09-08
• 1.55.1 - 2020-09-03
• 1.55.0 - 2020-09-02
• 1.54.7 - 2020-07-23
• 1.54.6 - 2020-07-09
• 1.54.5 - 2020-06-23
• 1.54.4 - 2020-06-22
• 1.54.3 - 2020-06-16
• 1.54.2 - 2020-06-10
• 1.54.1 - 2020-05-04
• 1.54.0 - 2020-04-30
• 1.53.0 - 2020-03-31
• 1.52.3 - 2020-03-02

from plotly.js GitHub release notes

Commit messages

Package name: plotly.js

• 23fb7fa 1.58.5
• c8014f8 update changelog for v1.58.5
• 96376e8 set 2020 in license src so that syntax text do not complain
• d84e9c3 dummyAnchor href check
• bae378a 1.58.4
• 939dc6f update changelog for v1.58.4
• bc5c180 Merge pull request Restyle Handle outdated page error while scheduler not running getredash/redash#5348 from plotly/need-bindings
• 8e72a12 Merge pull request Cannot find type definition file for 'jest' getredash/redash#5356 from plotly/followup-5349
• 29f0401 requested edits in PR 5349
• a5b295f Merge pull request Fix for Cypress flakiness generated by param_spec getredash/redash#5349 from jbampton/fix-spelling
• 8e1ad5e Merge pull request update dql getredash/redash#5351 from plotly/preserve-drawing-buffer-safari14
• 7ebfd3d simplify if block
• c8ce9fa disable featureDetect - enable preserveDrawingBuffer for Safari >= v13 - add tests
• bd21327 make a lib function to get preserve drawing buffer
• 4bb651f try inverting preserveDrawingBuffer only if it was false
• 724e418 parse Safari version after Version header identical to Safari
• 725838d default preserveDrawingBuffer to true with no userAgent so that webgl config works in most cases
• dd7c7a6 pass userAgent to the is-mobile
• 9523d2c preserve drawing buffer for gl3d scenes using Safari 14
• 4a31b3b Fix spelling
• 7f40a4c add optional dependency bindings due to npm WARN registry
• d45eef5 1.58.3
• e656dea update changelog for v1.58.3
• 5bb74bc Merge pull request Remove unnecessary space in rq log getredash/redash#5345 from plotly/fix-5318-missing-axes-tick-labels

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs