[fix] Handle non-primitives in isNumber #12034

Merged
merged 1 commit into from
Feb 16, 2025

@joshkel joshkel commented Feb 15, 2025

While investigating chartjs/chartjs-plugin-zoom#928, I found that `isNonPrimitive` will throw TypeError on a Moment.js object after it's passed through Chart.js's options proxy, because the object has its `Symbol.toPrimitive`, `toString`, and `valueOf` all set to null.

(See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String#string_coercion for background reading.)

Since isNumber appears to be a low-level function that can take any arbitrary input, it seems worth letting it handle this case.
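
The failure described in this pull request, reproduced on constructed objects as an added example (not code from the PR or from Chart.js). `naiveIsNumber`, `safeIsNumber`, `throwingInputs` and the sample inputs are assumptions made for illustration; the try/catch guard is one way to make such a check total, not necessarily the change that was merged.

```javascript
// Added example: all names and sample values here are constructed,
// not taken from Chart.js or from the pull request.

// Number check that coerces its argument: parseFloat() runs ToString(n),
// which needs a callable Symbol.toPrimitive, toString or valueOf.
function naiveIsNumber(n) {
  return !isNaN(parseFloat(n)) && isFinite(n);
}

// Same check, but an input that cannot be coerced is reported as
// "not a number" instead of raising into the caller.
function safeIsNumber(n) {
  try {
    return !isNaN(parseFloat(n)) && isFinite(n);
  } catch (e) {
    return false; // coercion failed, so n is certainly not numeric
  }
}

// Constructed inputs. nulledMethods mirrors the object described above;
// the others fail coercion for related reasons.
const samples = {
  plainNumber: 42,
  numericString: '3.5',
  nulledMethods: {[Symbol.toPrimitive]: null, toString: null, valueOf: null},
  noPrototype: Object.create(null),            // inherits no toString/valueOf
  objectReturningToString: {toString: () => ({}), valueOf: null},
  symbol: Symbol('x'),                         // symbols never convert to string
};

// Returns the names of the samples for which fn throws.
function throwingInputs(fn) {
  return Object.keys(samples).filter((name) => {
    try {
      fn(samples[name]);
      return false;
    } catch (e) {
      return true;
    }
  });
}

console.log('naive throws on:', throwingInputs(naiveIsNumber));
console.log('safe throws on: ', throwingInputs(safeIsNumber));
```
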
@etimberg etimberg added this to the Version 4.4.8 milestone Feb 16, 2025
@etimberg etimberg merged commit 2f42529 into chartjs:master Feb 16, 2025
7 checks passed
@joshkel joshkel deleted the non-primitive-isNumber branch February 17, 2025 14:05
DawoudIO added a commit to ChurchCRM/CRM that referenced this pull request Mar 22, 2025
<h3>Snyk has created this PR to upgrade chart.js from 4.4.7 to
4.4.8.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.

<hr/>


- The recommended version is **1 version** ahead of your current
version.

- The recommended version was released **a month ago**.



<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>chart.js</b></summary>
    <ul>
      <li>
<b>4.4.8</b> - <a
href="https://redirect.github.com/chartjs/Chart.js/releases/tag/v4.4.8">2025-02-19</a></br><h1>Essential
Links</h1>
<ul>
<li><a href="https://www.npmjs.com/package/chart.js"
rel="nofollow">npm</a></li>
<li><a
href="https://www.chartjs.org/docs/4.4.8/migration/v4-migration.html"
rel="nofollow">Migration guide</a></li>
<li><a href="https://www.chartjs.org/docs/4.4.8/"
rel="nofollow">Docs</a></li>
<li><a href="https://www.chartjs.org/docs/4.4.8/api/"
rel="nofollow">API</a></li>
<li><a
href="https://www.chartjs.org/docs/4.4.8/samples/information.html"
rel="nofollow">Samples</a></li>
</ul>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2855725721" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12034"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12034/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12034">#12034</a>
[fix] Handle non-primitives in isNumber</li>
</ul>
<h2>Bugs Fixed</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2861287106" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12035"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12035/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12035">#12035</a>
Export ...ParsedData interfaces</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2818663010" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12012"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12012/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12012">#12012</a>
Fix helpers `Chart` type</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2769020679" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11991"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11991/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11991">#11991</a>
Bugfix: TypeError in Interaction due to out-of-bounds index</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2766632066" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11986"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11986/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11986">#11986</a>
Bugfix: return nearest non-null point on interaction when
spanGaps=true</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2765297811" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11984"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11984/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11984">#11984</a>
Bugfix: span gaps over null values beyond scale limits</li>
</ul>
<h2>Types</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2861287106" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12035"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12035/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12035">#12035</a>
Export ...ParsedData interfaces</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2818663010" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12012"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12012/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12012">#12012</a>
Fix helpers `Chart` type</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2817152604" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12010"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12010/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12010">#12010</a>
Type fixes for time adapters</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2800752619" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12005"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12005/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12005">#12005</a>
Correct broken link in animations.md</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2783665947" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11997"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11997/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11997">#11997</a>
Update linear-step-size.md</li>
</ul>
<h2>Development</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2861299890" data-permission-text="Title is private"
data-url="chartjs/Chart.js#12036"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/12036/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/12036">#12036</a>
chore: bump to v4.4.8</li>
</ul>
<p>Thanks to <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/etimberg/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/etimberg">@ etimberg</a>, <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/joshkel/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/joshkel">@ joshkel</a>, <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/marisst/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/marisst">@ marisst</a>, <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/pensono/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/pensono">@ pensono</a> and <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/prems51/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/prems51">@ prems51</a></p>
      </li>
      <li>
<b>4.4.7</b> - <a
href="https://redirect.github.com/chartjs/Chart.js/releases/tag/v4.4.7">2024-12-01</a></br><h1>Essential
Links</h1>
<ul>
<li><a href="https://www.npmjs.com/package/chart.js"
rel="nofollow">npm</a></li>
<li><a
href="https://www.chartjs.org/docs/4.4.7/migration/v4-migration.html"
rel="nofollow">Migration guide</a></li>
<li><a href="https://www.chartjs.org/docs/4.4.7/"
rel="nofollow">Docs</a></li>
<li><a href="https://www.chartjs.org/docs/4.4.7/api/"
rel="nofollow">API</a></li>
<li><a
href="https://www.chartjs.org/docs/4.4.7/samples/information.html"
rel="nofollow">Samples</a></li>
</ul>
<h2>Types</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="1917908007" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11521"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11521/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11521">#11521</a>
fix: correct typing for doughnut, pie, and polarArea charts</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2632473374" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11948"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11948/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11948">#11948</a>
Export TRBL from geometric</li>
</ul>
<h2>Documentation</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2707355372" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11968"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11968/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11968">#11968</a>
Add documentation about setting default tooltip fonts</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2680807381" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11962"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11962/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11962">#11962</a>
Show correct title in multi series pie chart example</li>
</ul>
<h2>Development</h2>
<ul>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2708926592" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11969"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11969/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11969">#11969</a>
Chore: bump version to 4.4.7</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2677470818" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11959"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11959/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11959">#11959</a>
Bump cross-spawn from 6.0.5 to 6.0.6</li>
<li><a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="1897450644" data-permission-text="Title is private"
data-url="chartjs/Chart.js#11501"
data-hovercard-type="pull_request"
data-hovercard-url="/chartjs/Chart.js/pull/11501/hovercard"
href="https://redirect.github.com/chartjs/Chart.js/pull/11501">#11501</a>
Simplify check undefinded</li>
</ul>
<p>Thanks to <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/Connormiha/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/Connormiha">@ Connormiha</a>, <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/DustinEwan/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/DustinEwan">@ DustinEwan</a>, <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/LeeLenaleee/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/LeeLenaleee">@ LeeLenaleee</a>, <a
class="user-mention notranslate" data-hovercard-type="organization"
data-hovercard-url="/orgs/dependabot/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/dependabot">@ dependabot</a> and <a
class="user-mention notranslate" data-hovercard-type="organization"
data-hovercard-url="/orgs/dependabot/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/dependabot">@ dependabot</a>[bot]</p>
      </li>
    </ul>
from <a
href="https://redirect.github.com/chartjs/Chart.js/releases">chart.js
GitHub release notes</a>
  </details>
</details>

---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - This PR was automatically created by Snyk using the credentials of a
real user.

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs._
