Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade plotly.js from 1.48.3 to 1.54.1 #165

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade plotly.js from 1.48.3 to 1.54.1 #165

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade plotly.js from 1.48.3 to 1.54.1.

merge advice

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 19 versions ahead of your current version.
  • The recommended version was released a month ago, on 2020-05-04.

The recommended version fixes:

Severity Issue Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		 No Known Exploit
Release notes
Package name: plotly.js
  • 1.54.1 - 2020-05-04

    [1.54.1] -- 2020-05-04

    Changed

    Fixed

    • Set pointer-events only for editable shapes to allow pan, zoom & hover
      events to work inside shapes (regression introduced in 1.54.0) [#4810]
    • Update and validate various mocks [#4762]
  • 1.54.0 - 2020-04-30

    Added

    • Introduce new drag modes "drawline", "drawrect", "drawcircle", "drawopenpath", "drawclosedpath" &
      add optional modebar buttons for drawing & removing new shapes inside cartesian subplots &
      add newshape and activeshape attributes to layout &
      add editable and fillrule attributes to layout.shapes [#4775]
    • Add angle and allowoverlap attributes to marker of scattermapbox traces [#4575, #4794]
    • Add Portuguese (Portugal) pt-pt locale [#4736]

    Changed

    Fixed

    • Sanitize sourceattribution in mapbox layers [#4793]
    • Fix reactto mapbox style changes [#4720]
    • Fix transform sort order with gaps [#4783]
    • Fix autorange for bar and waterfall when base is present [#4714]
    • Fix "extremes" opacityscale option for volume and surface [#4725]
    • Fix no-WebGL warning for scattergl and splom traces [#4777]
    • Fix notifier CSS to have a fallback in font stack [#4778]
  • 1.53.0 - 2020-03-31
    Read more
  • 1.52.3 - 2020-03-02

    Fixed

    • Make identical bundles on different nodes [#4601]
    • Fix (regression introduced in 1.52.1) and improve interactive display of narrow points of bar-like traces [#4568]
    • Ensure text fits inside sunburst sectors with zero values [#4580]
    • Reset splom selectBatch and unselectBatch on updates [#4595]
    • Retry different mobile/tablet config to render gl3d subplots on various devices & browsers e.g. Brave [#4549]
    • Bump is-mobile to handle iPad Pro & iPad 7th + iOs v13 + Safari [#4548]
    • Fix orthographic hover after scroll zoom [#4562]
    • Preserve gl3d scene aspectratio after orthographic scroll zoom [#4578]
    • Include gl3d scene.aspectmode changes in relayout updates [#4579]
    • Apply utf-8 charset in test_dashboard [#4554]
  • 1.52.2 - 2020-02-03

    Fixed

    • Handle 'missing' matching axes [#4529]
    • Fix hover for mesh3d, isosurface and volume
      when using plotGlPixelRatio > 1 (bug introduced in 1.45.0) [#4534]
    • Fix hover of mesh3d traces with facecolor and intensitymode: 'cell' [#4539]
    • Fix gl3d rendering on iPad Pro & iPad 7th + iOs v13 + Safari [#4360, #4546]
    • Fix pixel-rounding logic for blank bars [#4522]
    • Fix pathbar.visible updates in treemap traces [#4516]
    • Fix waterfall 'closest' hover when cursor is below the size axis [#4537]
    • Fix mapbox layout layer opacity for raster types [#4525]
    • Allow 0 in grouby transform nameformat templates [#4526]
    • Fix Plotly.validate for valType:'any' attributes [#4526]
    • Bump d3-interpolate to v1.4.0 [#4475]
    • Bump d3-hierarchy to v1.1.9 [#4475]
    • Fix typo in annotation align attribute description [#4528]
    • Fix plot_bgcolor and paper_bgcolor attribute description [#4536]
    • Fix insidetextorientation description for pie and sunburst traces [#4523]
  • 1.52.1 - 2020-01-13

    [1.52.1] -- 2020-01-13

    Fixed

    • Fix handling of geo.visible false edge case in order to
      override template.layout.geo.show* attributes [#4483]
  • 1.52.0 - 2020-01-08
    Read more
  • 1.51.3 - 2019-12-16

    Fixed

    • Fix Plotly.Plots.resize edge cases ensuring now that
      its promises always resolve [#4392]
    • Fix position of link hover labels in vertical sankey [#4404]
    • Fix box autorange for traces with "inverted" notched [#4388]
  • 1.51.2 - 2019-11-25
    Read more
  • 1.51.1 - 2019-11-04
    Read more
  • 1.51.0 - 2019-10-29
  • 1.50.1 - 2019-10-15
  • 1.50.0 - 2019-10-07
  • 1.49.5 - 2019-09-18
  • 1.49.4 - 2019-08-22
  • 1.49.3 - 2019-08-20
  • 1.49.2 - 2019-08-13
  • 1.49.1 - 2019-07-31
  • 1.49.0 - 2019-07-24
  • 1.48.3 - 2019-06-13
from plotly.js GitHub release notes
Commit messages
Package name: plotly.js
  • 36b478d 1.54.1
  • e6e6f86 update changelog v1.54.1
  • aa8ccc6 Merge pull request #4811 from plotly/use-acorn-v6
  • ff4d016 install acorn v6 so that npm run preversion pass
  • 9112759 Merge pull request #4810 from plotly/fix4808-shape-pointer-events
  • bb3f858 fixup config editable: true test
  • 078c007 allow activation of editable shapes using opaque fill
  • 3e96a40 fix issue 4806 and 4808 - use and ensure stroke event only to activate editable shapes
  • 245eeec Merge pull request #4805 from plotly/update-package-lock-May2
  • 10b8419 update package-lock May 2nd
  • cbd7e6e Merge pull request #4802 from plotly/rebuild-package-lock-May01-2020
  • 6032aba keep version of to-px and ndarray for now
  • e3175fc update package-lock using not allowing any bump by removing ^ before npm i
  • f0eebc0 pin down regl version to be v1.3.11
  • fcceb7a update package-lock.json
  • d9df934 remove audit files
  • a883997 remove package-lock and rebuild it
  • fa40c66 make audit files
  • 3b1ff46 Merge pull request #4800 from plotly/dev-install-acorn
  • 8a96b50 dev-install espree v6.2.1 and mkdirp v1.0.4 and move acorn to dev-deps
  • 626a34c remove audit files
  • cabe146 dev-install acorn v7.1.1
  • c8e99f1 make audit files
  • 4b33d8f Merge pull request #4799 from plotly/dev-install-static-eval

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot