[Snyk] Upgrade plotly.js from 1.52.3 to 1.58.5 #16

change-snyk · 2022-04-17T07:12:05Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade plotly.js from 1.52.3 to 1.58.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 21 versions ahead of your current version.
The recommended version was released 9 months ago, on 2021-07-06.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Arbitrary Code Execution npm:static-eval:20171016	579/1000 Why? Mature exploit, CVSS 7.3	Mature
Arbitrary Code Execution SNYK-JS-STATICEVAL-173693	579/1000 Why? Mature exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	579/1000 Why? Mature exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	579/1000 Why? Mature exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	579/1000 Why? Mature exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: plotly.js

1.58.5 - 2021-07-06
Fixed
- Fix to improve sanitizing href inputs for SVG and HTML text elements [#5803]
1.58.4 - 2020-12-21
Fixed
- Fix preserveDrawingBuffer WebGL config for displaying transparent gl3d scenes
  on Apple devices running latest Safari versions (v13 and higher) [#5351]
- Fix spelling [#5349, #5356] with thanks to @ jbampton for the contribution!
1.58.3 - 2020-12-17
Fixed
- Fix autorange for inside tick label positions [#5332]
- Fix "nonnegative" and "tozero" rangemode for inside tick label positions
  (regression introduced in 1.58.2) [#5331]
- Fix missing categories and tick labels on react updates
  (regression introduced in 1.54.6) [#5345]
- Fix to avoid "autoscale" error when axis autorange is set to false
  (regression introduced in 1.42.0) [#5336]
1.58.2 - 2020-12-09
1.58.1 - 2020-12-04
1.58.0 - 2020-12-02
1.57.1 - 2020-10-20
1.57.0 - 2020-10-15
1.56.0 - 2020-09-30
1.55.2 - 2020-09-08
1.55.1 - 2020-09-03
1.55.0 - 2020-09-02
1.54.7 - 2020-07-23
1.54.6 - 2020-07-09
1.54.5 - 2020-06-23
1.54.4 - 2020-06-22
1.54.3 - 2020-06-16
1.54.2 - 2020-06-10
1.54.1 - 2020-05-04
1.54.0 - 2020-04-30
1.53.0 - 2020-03-31
1.52.3 - 2020-03-02

from plotly.js GitHub release notes

Commit messages

Package name: plotly.js

23fb7fa 1.58.5
c8014f8 update changelog for v1.58.5
96376e8 set 2020 in license src so that syntax text do not complain
d84e9c3 dummyAnchor href check
bae378a 1.58.4
939dc6f update changelog for v1.58.4
bc5c180 Merge pull request Restyle Handle outdated page error while scheduler not running getredash/redash#5348 from plotly/need-bindings
8e72a12 Merge pull request Cannot find type definition file for 'jest' getredash/redash#5356 from plotly/followup-5349
29f0401 requested edits in PR 5349
a5b295f Merge pull request Fix for Cypress flakiness generated by param_spec getredash/redash#5349 from jbampton/fix-spelling
8e1ad5e Merge pull request update dql getredash/redash#5351 from plotly/preserve-drawing-buffer-safari14
7ebfd3d simplify if block
c8ce9fa disable featureDetect - enable preserveDrawingBuffer for Safari >= v13 - add tests
bd21327 make a lib function to get preserve drawing buffer
4bb651f try inverting preserveDrawingBuffer only if it was false
724e418 parse Safari version after Version header identical to Safari
725838d default preserveDrawingBuffer to true with no userAgent so that webgl config works in most cases
dd7c7a6 pass userAgent to the is-mobile
9523d2c preserve drawing buffer for gl3d scenes using Safari 14
4a31b3b Fix spelling
7f40a4c add optional dependency bindings due to npm WARN registry
d45eef5 1.58.3
e656dea update changelog for v1.58.3
5bb74bc Merge pull request Remove unnecessary space in rq log getredash/redash#5345 from plotly/fix-5318-missing-axes-tick-labels