Skip to content
GitLab

[Snyk] Security upgrade smoothie from 1.35.0 to 1.36.1

Open Ben Chester requested to merge snyk-fix-6950c8af622c457318ca8f7f9ee5000f into master

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • src/package.json
    • src/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 663/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-JS-SMOOTHIE-3177364 		No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: smoothie The new version differs by 71 commits.
  • e9d6c5f Merge pull request #148 from joewalnes/release-1.36.1
  • e136686 chore: bump version to 1.36.1
  • 8e0920d fix: potential XSS when `tooltipLabel` or `strokeStyle` are controlled by users
  • 0b89817 Merge pull request #145 from WofWca/license-jsdoc
  • ad40bd4 chore: make it easier for build tools to preserve the license comment
  • 2242b87 Merge pull request #134 from WofWca/sharp-everything
  • 0eacd38 Merge branch 'master' into sharp-everything
  • deac898 Version 1.36.0
  • 7052690 Add tool tip section to builder
  • c5b3376 Move option in builder
  • 23ee85c Qualify label in builder
  • e9b2d51 Merge branch 'fix-intermediateLabelPos' into recent-mrs
  • fb4f18e Fix: declare local var intermediateLabelPos
  • 1e33750 Merge branch 'perf' into recent-mrs
  • 3777c46 perf: Revert "perf: remove unnecessary `context.save()`& `context.restore()`"
  • b80a73a docs: update changelog
  • 32d2ba4 Merge branch 'sharp-everything' into recent-mrs
  • 3841a88 improvement: set default `grid.lineWidth` to 2 to reduce visual flickering
  • 1e4a9bd Merge branch 'consistent-fill' into recent-mrs
  • ccc831d Merge branch 'fix-delay-for-custom-render-time' into recent-mrs
  • 8180e1e Merge branch 'perf' into recent-mrs
  • 821509d Merge branch 'sharp-everything' into recent-mrs
  • e19b7d6 Merge branch 'fix-memory-leak' into recent-mrs
  • c25368c Merge branch 'fix-jumpiness' into recent-mrs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)