Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency canvas to v2.8.0 #51

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Jul 9, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
canvas 2.6.1 -> 2.8.0 age adoption passing confidence

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE Reachability
Critical Critical 9.8 CVE-2021-44906

Unreachable

High High 8.8 CVE-2022-0355

Unreachable

High High 8.2 CVE-2021-32803

Unreachable

High High 8.2 CVE-2021-32804

Unreachable

High High 8.2 CVE-2021-37701

Unreachable

High High 8.2 CVE-2021-37712

Unreachable

High High 8.2 CVE-2021-37713

Unreachable

High High 7.3 CVE-2020-7788

Unreachable

Medium Medium 5.3 CVE-2022-25883

Unreachable

Low Low 3.7 CVE-2017-16137

Unreachable


Release Notes

Automattic/node-canvas (canvas)

v2.8.0

Compare Source

==================

Changed
  • Upgrade dtslint
  • Upgrade node-pre-gyp to 1.0.0. Note that if you are using special node-pre-gyp
    features like node_pre_gyp_accessKeyId, you may need to make changes to your
    installation procedure. See https://github.com/mapbox/node-pre-gyp/blob/master/CHANGELOG.md#100.
  • Add Node.js v16 to CI.
  • The C++ class method nBytes() now returns a size_t. (Because this is a C++
    method only, this is not considered a breaking change.)
Added
  • Add support for inverse() and invertSelf() to DOMMatrix (#​1648)
  • Add support for context.getTransform() (#​1769)
  • Add support for context.setTransform(dommatrix) (#​1769)
Fixed
  • Fix actualBoundingBoxLeft and actualBoundingBoxRight returned by measureText to be the ink rect (#​1776, fixes #​1703).
  • Fix Pango logging "expect ugly output" on Windows (#​1643)
  • Fix benchmark for createPNGStream (#​1672)
  • Fix dangling reference in BackendOperationNotAvailable exception (#​1740)
  • Fix always-false comparison warning in Canvas.cc.
  • Fix Node.js crash when throwing from an onload or onerror handler.

v2.7.0

Compare Source

==================

Changed
  • Switch CI to Github Actions. (Adds Windows and macOS builds.)
  • Switch prebuilds to GitHub actions in the Automattic/node-canvas repository.
    Previously these were in the node-gfx/node-canvas-prebuilt
    and triggered manually.
  • Speed up fillStyle= and strokeStyle=
Added
  • Export rsvgVersion.
  • CanvasPattern’s setTransform method is no longer missing
Fixed
  • Fix BMP issues. (#​1497)
  • Update typings to support jpg and addPage on NodeCanvasRenderingContext2D (#​1509)
  • Fix assertion failure when using Visual Studio Code debugger to inspect Image prototype (#​1534)
  • Fix signed/unsigned comparison warning introduced in 2.6.0, and function cast warnings with GCC8+
  • Fix to compile without JPEG support (#​1593).
  • Fix compile errors with cairo
  • Fix Image#complete if the image failed to load.
  • Upgrade node-pre-gyp to v0.15.0 to use latest version of needle to fix error when downloading prebuilds.
  • Don't throw if fillStyle or strokeStyle is set to an object, but that object is not a Gradient or Pattern. (This behavior was non-standard: invalid inputs are supposed to be ignored.)

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jul 9, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency canvas to v2.7.0 Update dependency canvas to v2.8.0 Jul 27, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/canvas-2.x branch from 1937d83 to 04c41c5 Compare July 27, 2023 02:26
@mend-for-github-com mend-for-github-com bot changed the title Update dependency canvas to v2.8.0 Update dependency canvas to v2.7.0 Aug 2, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/canvas-2.x branch from 04c41c5 to e711a06 Compare August 2, 2023 02:10
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/canvas-2.x branch from e711a06 to 6a873c9 Compare October 14, 2023 06:12
@mend-for-github-com mend-for-github-com bot changed the title Update dependency canvas to v2.7.0 Update dependency canvas to v2.8.0 Oct 14, 2023
@amplify-self-hosted-runners
Copy link

Check Name Conclusion Summary Output
Mend Security Check failure Security Report output
Mend License Check success License Report output

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants