[Snyk] Upgrade echarts from 5.4.1 to 5.5.0

[X-oss-byte]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade echarts from 5.4.1 to 5.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-02-18.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ADOBECSSTOOLS-6096077	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-CYPRESSREQUEST-5871337	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ADOBECSSTOOLS-5871286	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: echarts

• 5.5.0 - 2024-02-18
  
  • [Break Change] [Feature] [core] change to default ESM package. #19513 (100pah)
  • [Feature] [ssr] server-side rendering and client hydration. #18381 (Ovilia)
  • [Feature] [animation] support multi-level drill-down for universal transition. #17611 (tyn1998)
  • [Feature] [pie] add padAngle option. #19076 (linghaoSu)
  • [Feature] [pie] add endAngle for control pie range. #18820 (linghaoSu)
  • [Feature] [polar] allow setting angleAxis.endAngle. #19099 (yassilah)
  • [Feature] [sampler] add min-max sampler function. #19279 (snukhulov)
  • [Feature] [i18n] add Arabic(AR) translation. #19214 (OthmanAliModaes)
  • [Feature] [i18n] add Dutch(NL) translation. #19252 (tijmenamsing)
  • [Feature] [tooltip] add appendTo option to allow customizing tooltip container. #18436 (viking7982)
  • [Feature] [label] support align for min/max labels. #19228 (Ovilia)
  • [Feature] [pictorialBar] support clip for pictorialBar series. #19197 (Ovilia)
  • [Feature] [tooltip] add dataIndex to valueFormatter callback. #19123 (ChepteaCatalin)
  • [Fix] [toolbox] fix toolbox text can't apply the specified or global font style. #19170 (plainheart)
  • [Fix] [label] fix labelLine default style when normal state not show but other state show. #18800 (linghaoSu)
  • [Fix] [labelLine] fix emphasis.labelLine is not working in pie chart. #19180 (shiersansi)
  • [Fix] [marker] fix markArea position when axis is with alignWithLabel. #19516 (Ovilia)
  • [Fix] [line] fix line may cross in time axis when animation is enabled. #18960 (plainheart)
  • [Fix] [scatter] fix edge scatter may be unexpectedly clipped due to tiny offset. #18867 (plainheart)
  • [Fix] [sunburst] label rotation flipping. #19176 (Ovilia)
  • [Fix] [aria] fix hard-coded series type name translation. #19239 (Ovilia)
  • [Feature] [matrix] allow rotating relative to a point different than the origin. #1034 (ChepteaCatalin)
  • [Fix] [graph] fix force layout iteration timer doesn't stop after disposing the chart. #19514 (plainheart)
  • [Fix] [tooltip] fix potential NPE when the parent node of the tooltip element doesn't exist. #19265 (plainheart)
  • [Fix] [visualMap] fix continuous visualMap mouseover event not register except first continuous visualMap. #19097 (linghaoSu)
  • [Fix] [clip] add an extra space to the clip-path width to prevent unexpected clip. #19056 (RexSkz)
  • [Fix] [dataset] fix multi typed array detection flaw. #19035 (linghaoSu)
  • [Fix] [core] fix potential NPE when reading default init options from global object in dev environment. #19217 (sunpm)
  • [Fix] [i18n] enhance default language fallback. #19107 (ultravires)
  • [Fix] [svg] fix assigning style attribute does not work when CSP is enforced. ecomfe/zrender#1030 (alxnddr)
  • [Fix] [svg] duplicate id for background rect with multiple charts. ecomfe/zrender#1002 (Ovilia)
  • [Fix] [node] make nodejs detection resilient. ecomfe/zrender#1036 (Uzlopak)
  • [Fix] [type] make ellipsis & options of the function truncateText optional. ecomfe/zrender#1047 (plainheart)
  • [Fix] [type] add missing value type string for barMinWidth and barMaxWidth of the bar series. #19424 (zhaxnb)
  • [Feature] [type] export EChartsInitOpts and some Payload types for echarts/core. #19103 (dalenguyen)
  • [Fix] [type] allow nullable value for OptionDataValue. #19111 (avin-kavish)
  • [Fix] [type] add undefined to the return type of graphic.clipRectByRect function. #18950 (benlongo)
  • [Fix] [type] remove duplicate extends at GraphNodeItemOption. #18901 (nenoNaninu)
  • [Refactor] [util] import liftColor function from zrender. #19526 (plainheart)

  New Contributors

  • @ captainhaddock18 made their first contribution in #18862
  • @ nenoNaninu made their first contribution in #18901
  • @ viking7982 made their first contribution in #18436
  • @ dalenguyen made their first contribution in #19103
  • @ ultravires made their first contribution in #19107
  • @ RexSkz made their first contribution in #19056
  • @ avin-kavish made their first contribution in #19111
  • @ shiersansi made their first contribution in #19174
  • @ sunpm made their first contribution in #19217
  • @ OthmanAliModaes made their first contribution in #19214
  • @ tijmenamsing made their first contribution in #19252
  • @ snukhulov made their first contribution in #19279
  • @ zhaxnb made their first contribution in #19424
  • @ hugo-syn made their first contribution in #19446
  • @ taks made their first contribution in #19499
• 5.5.0-rc.2 - 2024-02-04
  

  Release 5.5.0-rc.2

• 5.5.0-rc.1 - 2024-01-31
  

  Release 5.5.0-rc.1

• 5.4.3 - 2023-07-18
  Read more
• 5.4.3-rc.1 - 2023-07-14
  

  Release 5.4.3-rc.1

• 5.4.2 - 2023-03-23
  Read more
• 5.4.2-rc.1 - 2023-03-17
  

  Release 5.4.2-rc.1

• 5.4.1 - 2022-12-09
  Read more

from echarts GitHub release notes

Commit messages

Package name: echarts

• 0f4967b Merge pull request #19594 from apache/release-dev
• b046d78 chore: rebuild and relase 5.5.0-rc.2
• b0b4639 chore: relase 5.5.0-rc.2
• e3fa16c Merge pull request #19593 from apache/module_default_esm_fix2
• 6cefe27 fix: (1) Mistake in package.json "exports"."require" (2) Add entry for dist/** for file extension not specified usage (3) add dist/echarts.esm.mjs for case that not able to recognize as esm after dist/package.json with `{"type": "commonjs"}` added.
• 3fbfd2b Merge pull request #19577 from apache/release-dev
• b7548af chore: add a key
• 4d3bbae Merge pull request #19568 from apache/fix-jest
• fde9fbd fix(test): rename `jest.config.js` to `jest.config.cjs` to fix jest can't run
• 52735fa Merge pull request #19564 from apache/release-dev
• 3c6d9bb chore: release 5.5.0
• 2deb0fd Merge pull request #19549 from apache/release-dev
• 0392fb3 fix(ssr): call registerSSRDataGetter only with ssr
• 2a43d11 Merge pull request #19558 from apache/revert-18921-fix/tooltip-color
• 1b1284f Revert "fix(tooltip): fix opacity not work in tooltip marker"
• e14cc9a fix(ssr): hovering legend items should not trigger tooltip
• 61af513 Merge pull request #19543 from apache/module_default_esm_fix
• d403486 fix: (1) fix that some old version bundler (like rollup) do not recognize wildcard that not at the end of the patter string (e.g. "exports: {"./*.js": "xxx"}"). (2) Add readme to package.json.
• f996884 Merge pull request #19532 from apache/master
• 6b8fae8 Merge pull request #19513 from apache/module_default_esm
• 9c3fc0e Merge pull request #19526 from apache/import-liftColor-from-zrender
• 80172d6 Merge branch 'master' into module_default_esm
• abe29f0 [fix] tweak ssr ts type, impl, exports and eslint
• a2efa57 refactor(util): import `liftColor` function from zrender (feat(ssr): add emphasis style in ssr css apache/echarts#18334 ecomfe/zrender#999)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 27ac7fd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.