@adamlaska
Owner

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • dev/coverage-action/package.json
  • dev/coverage-action/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
| --- | --- |
| high severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 696 |
| medium severity: Uncontrolled Resource Consumption ('Resource Exhaustion'), SNYK-JS-TAR-6476909 | 646 |
| medium severity: Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116 | 631 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@google-cla

google-cla bot commented Mar 25, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@socket-security

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/[email protected] None 0 2.75 kB forbeslindesay
npm/[email protected] None 0 5.93 kB sindresorhus
npm/[email protected] None 0 4.41 kB hughsk
npm/[email protected] None 0 3.54 kB sindresorhus
npm/[email protected] None 0 13.3 kB rvagg
npm/[email protected] None 0 29.3 kB oss-bot
npm/[email protected] filesystem 0 37.5 kB coreyfarrell
npm/[email protected] None 0 291 kB oss-bot
npm/[email protected] None 0 496 kB mgol
npm/[email protected] None 0 1.3 MB sschadwick
npm/[email protected] None 0 1.32 MB timmywil
npm/[email protected] None 0 27.4 kB carhartl
npm/[email protected] None 0 438 kB yaozilong
npm/[email protected] None 0 3.83 kB forbeslindesay
npm/[email protected] None 0 45.8 kB andyperlitch
npm/[email protected] None 0 10.4 kB isaacs
npm/[email protected] None 0 26.1 kB kriszyp
npm/[email protected] None 0 12.7 kB isaacs
npm/[email protected] None 0 229 kB jordanbtucker
npm/[email protected] filesystem 0 19.8 kB ryanzim
npm/[email protected] None 0 31.4 kB bahamat
npm/[email protected] filesystem 0 21.2 kB timothygu
npm/[email protected] None 0 19.4 kB bahmutov
npm/[email protected] None 0 5.39 kB eventualbuddha
npm/[email protected] None 0 943 kB javve
npm/[email protected] environment 0 168 kB cenk1cenk2
npm/[email protected] environment, filesystem, unsafe 0 2.32 MB kriszyp
npm/[email protected] None 0 10.2 kB jdalton
npm/[email protected] None 0 75.8 kB jdalton
npm/[email protected] None 0 4.58 kB sindresorhus
npm/[email protected] None 0 7.58 kB sindresorhus
npm/[email protected] None 0 68.7 kB isaacs
npm/[email protected]3.0.4 None 0 3.9 MB icambron
npm/[email protected] None 0 373 kB antfu
npm/[email protected] environment, network 0 59 kB nlf
npm/[email protected] None 0 562 kB escattone
npm/[email protected] None 0 4.31 kB stevemao
npm/[email protected] None 0 206 kB dougwilson
npm/[email protected] None 0 18.3 kB dougwilson
npm/[email protected] environment, filesystem 0 51.7 kB broofa
npm/[email protected] None 0 4.46 kB sindresorhus
npm/[email protected] None 0 4.87 kB isaacs
npm/[email protected] environment, network +1 63.6 kB nlf
npm/[email protected] None 0 3.77 kB isaacs
npm/[email protected] None 0 7 kB isaacs
npm/[email protected] None 0 124 kB isaacs
npm/[email protected] None 0 3.67 MB ichernev
npm/[email protected] None 0 4.23 MB ichernev
npm/[email protected] None 0 14.6 kB kriszyp
npm/[email protected] environment, eval, unsafe 0 306 kB kriszyp
npm/[email protected] None 0 6.34 kB mikolalysenko
npm/[email protected] environment 0 23.8 MB 07akioni
npm/[email protected] None 0 21.6 kB ai
npm/[email protected] None 0 27.4 kB dougwilson
npm/[email protected]4.3.0 None 0 384 kB nicknaso
npm/[email protected] environment, filesystem, unsafe 0 13.3 kB kriszyp
npm/[email protected] environment, filesystem 0 12.8 kB mafintosh
npm/[email protected] environment, shell 0 1.98 MB rvagg
npm/[email protected] None 0 24.5 kB chicoxyzzy
npm/[email protected] environment 0 8.13 kB sindresorhus
npm/[email protected]6.0.2 None 0 17.1 kB lukekarrys
npm/[email protected] None 0 42.6 kB feedic
npm/[email protected] None 0 2.84 kB zertosh
npm/[email protected] unsafe 0 13.7 kB dougwilson
npm/[email protected] None 0 6.17 kB sindresorhus
npm/[email protected] None 0 48.5 kB kriszyp
npm/[email protected] environment 0 3.38 kB jprichardson
npm/[email protected] None 0 8.69 kB sindresorhus
npm/[email protected] environment, unsafe 0 38.9 kB devongovett
npm/[email protected] None 0 5.41 kB sindresorhus
npm/[email protected] None 0 108 kB blakeembrey
npm/[email protected] None 0 6.01 kB superjoe
npm/[email protected] None 0 11.3 kB meryn
npm/[email protected] environment 0 5.66 kB alexeyraspopov
npm/[email protected] None 0 6.02 kB sindresorhus
npm/[email protected] None 0 5.98 kB seb.l.
npm/[email protected] environment 0 382 kB posva
npm/[email protected] None 0 183 kB evilebottnawi
npm/[email protected] None 0 27.2 kB evilebottnawi
npm/[email protected] environment, filesystem 0 186 kB ai
npm/[email protected] None 0 31.8 kB scrum
npm/[email protected] None 0 31.1 kB scrum
npm/[email protected] None 0 908 kB jdecroock
npm/[email protected] None 0 11.5 kB sindresorhus
npm/[email protected] None 0 3.04 kB iarna
npm/[email protected] None 0 15.6 kB achingbrain
npm/[email protected] eval 0 90.7 kB forbeslindesay
npm/[email protected] None +1 197 kB terkelg
npm/[email protected] environment 0 24.2 kB rob-w
npm/[email protected] None 0 433 kB lupomontero
npm/[email protected] None 0 7.92 kB pug-bot
npm/[email protected] Transitive: filesystem +1 45.5 kB pug-bot
npm/[email protected] None 0 4.59 kB pug-bot
npm/[email protected] None 0 9.58 kB pug-bot
npm/[email protected] None 0 59.3 kB pug-bot
npm/[email protected] None 0 8.57 kB pug-bot
npm/[email protected] filesystem 0 9.33 kB pug-bot
npm/[email protected] None 0 35.8 kB pug-bot
npm/[email protected] None 0 5.95 kB pug-bot
npm/[email protected] None 0 9.61 kB pug-bot
npm/[email protected] environment, eval, filesystem 0 59.7 kB pug-bot
npm/[email protected] filesystem 0 7.78 kB mafintosh
npm/[email protected] None 0 126 kB ljharb
npm/[email protected] None 0 17.6 kB jessetane
npm/[email protected] None 0 8.46 kB dougwilson
npm/[email protected] network 0 357 kB iansu
npm/[email protected] environment 0 55.5 kB gaearon
npm/[email protected] filesystem 0 20.5 kB paulmillr
npm/[email protected] None 0 27.4 kB benjamn
npm/[email protected] None 0 23 kB satazor
npm/[email protected] filesystem 0 12.1 kB troygoode
npm/[email protected] None 0 2.82 kB sindresorhus
npm/[email protected] None 0 32.2 kB tim-kos
npm/[email protected] None 0 24 kB davidmarkclements
npm/[email protected] None 0 298 kB mourner
npm/[email protected] environment, filesystem, unsafe 0 6.67 MB lukastaegert
npm/[email protected] filesystem 0 24.2 kB mbostock
npm/[email protected] None 0 4.48 MB blesh
npm/[email protected] None 0 42.3 kB chalker
npm/[email protected] None 0 4.49 MB sassbot
npm/[email protected] None 0 70.7 kB 07akioni
npm/[email protected] None 0 169 kB apalfrey
npm/[email protected] None 0 846 kB kevin-brown
npm/[email protected]5.7.1 None 0 61.6 kB isaacs
npm/[email protected] filesystem, network 0 50.1 kB dougwilson
npm/[email protected] None 0 4.03 kB wesleytodd
npm/[email protected] None 0 6.79 kB terkelg
npm/[email protected]3.0.0 None 0 6.2 kB sindresorhus
npm/[email protected] None 0 138 kB joshglazebrook
npm/[email protected] network 0 27.4 kB kikobeats
npm/[email protected] network 0 152 kB joshglazebrook
npm/[email protected] None 0 551 kB owenm
npm/[email protected] None 0 148 kB 7rulnik
npm/[email protected] filesystem +1 890 kB linusu
npm/[email protected] None 0 31.8 kB rich_harris
npm/[email protected] None 0 231 kB bahamat
npm/[email protected] None 0 37.5 kB nlf
npm/[email protected] None 0 8.41 kB stephank
npm/[email protected] None 0 12.1 kB dougwilson
npm/[email protected] None 0 9.31 kB nwoltman
npm/[email protected] None 0 3.05 kB sindresorhus
npm/[email protected] filesystem 0 975 kB trysound
npm/[email protected] environment, shell 0 64.4 kB sindresorhus
npm/[email protected] environment, eval 0 2.03 MB fabiosantoscode
npm/[email protected] None 0 23.6 kB coreyfarrell
npm/[email protected] None 0 4.49 kB dominicbarnes
npm/[email protected] None 0 12.5 kB dominictarr
npm/[email protected] None 0 58.7 kB mziccard
npm/[email protected] filesystem 0 52.9 kB raszi
npm/[email protected] None 0 3.5 kB sindresorhus
npm/[email protected] None 0 4.68 kB dougwilson
npm/[email protected] None 0 5.53 kB timothygu
npm/[email protected] network 0 86.6 kB jstash
npm/[email protected]1.0.1 None 0 322 kB sebmaster
npm/[email protected] environment 0 93.1 kB 07akioni
npm/[email protected]2.4.0 None 0 50 kB typescript-bot
npm/[email protected] environment, network 0 16.7 kB mikeal
npm/[email protected] None 0 119 kB sindresorhus
npm/[email protected] None 0 41.4 kB iarna
npm/[email protected] None 0 2.68 kB zkat
npm/[email protected] None 0 4.64 kB ryanzim
npm/[email protected] None 0 3.01 kB sindresorhus
npm/[email protected] None 0 62.2 kB piotrwitek
npm/[email protected] filesystem, unsafe 0 44.6 kB oss-bot
npm/[email protected] None 0 18.4 kB 07akioni
npm/[email protected] None 0 35.8 kB dap
npm/[email protected] environment, eval, filesystem, network, shell, unsafe 0 4.59 MB vitebot
npm/[email protected] None 0 3.11 kB forbeslindesay
npm/[email protected] environment 0 52.8 kB 07akioni
npm/[email protected] filesystem 0 20.5 kB antfu
npm/[email protected] unsafe 0 1.06 MB ota-meshi
npm/[email protected] environment 0 795 kB posva
npm/[email protected] environment, eval 0 2.58 MB yyx990803
npm/[email protected] None 0 225 kB 07akioni
npm/[email protected] None 0 28.2 kB kriszyp
npm/[email protected]4.0.2 None 0 19.3 kB domenic
npm/[email protected]7.1.0 None 0 78.4 kB domenic
npm/[email protected] Transitive: environment +1 1.09 MB with-bot
npm/[email protected] None 0 10.6 kB sindresorhus
npm/[email protected] environment, network 0 135 kB lpinca
npm/[email protected] None 0 13.5 kB domenic
npm/[email protected] None 0 40.6 kB jungomi
npm/[email protected] filesystem 0 23.4 kB oss-bot
npm/[email protected] environment 0 649 kB eemeli
npm/[email protected] environment, filesystem +1 411 kB oss-bot
npm/[email protected] filesystem 0 66.2 kB thejoshwolfe
npm/[email protected] None 0 3.46 MB wheels

🚮 Removed packages: npm/@actions/[email protected], npm/@actions/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

@socket-security

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note Source CI
Obfuscated code npm/[email protected] ⚠︎

View full report↗︎

Next steps

What is obfuscated code?

Obfuscated files are intentionally packed to hide their behavior. This could be a sign of malware.

Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
