[Snyk] Security upgrade fabric from 4.5.1 to 5.0.0 #6

Open
wants to merge 1 commit into
base: master

@awwaiid awwaiid commented Aug 30, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • apps/image-editor/package.json
    • apps/image-editor/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: fabric The new version differs by 82 commits.
  • fbd5004 RELEASE - Build v5.0 (#7634)
  • b857753 fix(fabric.Canvas): unflag contextLost after a full re-render.
  • a709d3b BREAKING - remove 4.x deprecated code (#7630)
  • 3feb866 feat(fabric.StaticCanvas, fabric.Canvas): limit breaking changes (#7627)
  • 8a3d9b1 feat(animation): animations registry (#7528)
  • c581aa4 docs(): Remove not working badges (#7623)
  • e3674c9 fix(eventjs) fix pointer for longpress
  • 56f0629 refactor(): remove unused property rotationCursor
  • 38cfcda feat(EraserBrush): V2 (#7470)
  • a32be8a ci(): add auto-changelog package to quickly draft a changelog (#7615)
  • 91f0940 feat(fabric.Canvas): fire an extra mouse up for the original control of the initial target (#7612)
  • ff53792 fix(fabric.Object) bounding box display with skewY when outside group (#7611)
  • a816eed fix(fabric.text) fix rtl/ltr performance issues (#7610)
  • 9d8fce4 fix(event.js) Prevent dividing by 0 in for touch gestures (#7607)
  • 176a4e9 feat(): `drop:before` event (#7442)
  • ae80776 ci(): Add codeql analysis step (#7588)
  • 16de5f2 security(): update onchange to solve security issue (#7591)
  • 64ee068 ci(): refresh package-lock.json
  • 64eb500 fix(): fix wrong retina change that broke uts
  • da355a9 fix(): MAJOR prevent render canvas with quality less than 100% (#7537)
  • 419c592 docs(): fix broken link (#7579)
  • 44845b8 Deps(): MAJOR update to jsdom 19 node 14 (#7587)
  • 7bdac32 Fix(): JSDOM transative vulnerability (#7510)
  • 4e0a872 fix(fabric.parser): attempt to resolve some issues with regexp (#7520)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

…json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873