[Snyk] Security upgrade fabric from 1.7.22 to 3.0.0 #3

Open
wants to merge 1 commit into
base: master

don-smith
Member

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 556/1000. Why? Recently disclosed, Has a fix available, CVSS 5.4 | XML External Entity (XXE) Injection, SNYK-JS-XMLDOM-1084960 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: fabric
The new version differs by 250 commits.
  • 4766658 Fabric 3.0 (#5696)
  • 05591f2 Added tests for recent changes from contributors (#5697)
  • 4f972cf Update observable.mixin.js (#5606)
  • 43de9c3 add code for restore saved clipPath (#5641)
  • f9f4f28 Do not load undefine objects in group/canvas array and fix gradients (#5684)
  • f77e485 Polygon/Polyline/Path respect points position when initializing outside svg (#5668)
  • ca94b2d Add enablePointerEvents to Canvas init option (#5589)
  • 06b0ca1 Fix 'before:selection:cleared' event in order to receive as target the whole activeSelection if present (#5658)
  • b12026c fix Textbox selectable property not restored after exitEditing (#5655)
  • f0a139b Add visual test for rect with no dimensions from svg (#5653)
  • ce23118 fixed handling of empty lines in splitByGrapheme (#5645)
  • 96131c7 Fixing onSelect being called when objects were not intersected (#5632)
  • bdf94c7 Add some extra testing for text and textbox (#5638)
  • 165f0aa Avoid finding target if we are transforming (#5637)
  • 765f115 save the new boolean (#5627)
  • 8b6dc56 strokeUniform and cache canvas dimensions (#5626)
  • 3ed16aa Avoid quoting multiple fontnames (#5624)
  • 7c9049f Add documentation for animate abort documentation (#5623)
  • 031144a minimal test added for disableCopyPaste (#5622)
  • 66037c7 added disableStyleCopyPaste property (#5590)
  • 876325c add a simple toSVG export for clipPath text (#5591)
  • 72e4c09 Fix shadow offsets on dataUrl export (#5593)
  • b538562 Update rect.class.js - fix issue with incorrect <rect> tags in SVG (#5582)
  • 35c2c3b Fix splitByGrapheme selection (#5588)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960