[Snyk] Upgrade canvas from 2.4.1 to 2.9.1

[saurabharch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade canvas from 2.4.1 to 2.9.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-03-19.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Arbitrary File Write SNYK-JS-TAR-1579155	425/1000 Why? CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	425/1000 Why? CVSS 8.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	425/1000 Why? CVSS 8.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	425/1000 Why? CVSS 8.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	425/1000 Why? CVSS 8.5	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	425/1000 Why? CVSS 8.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	425/1000 Why? CVSS 8.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	425/1000 Why? CVSS 8.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	425/1000 Why? CVSS 8.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	425/1000 Why? CVSS 8.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: canvas

• 2.9.1 - 2022-03-19
  No content.
• 2.9.0 - 2022-01-17
  No content.
• 2.8.0 - 2021-05-17
  No content.
• 2.7.0 - 2021-03-01
  

  Note: This is the first prebuild served from Automattic/node-canvas. Previous release prebuilds are served from https://github.com/node-gfx/node-canvas-prebuilt/releases.

• 2.6.1 - 2019-10-06
  

  2.6.1

• 2.6.0 - 2019-06-11
  

  2.6.0

• 2.5.0 - 2019-05-01
  

  2.5.0

• 2.4.1 - 2019-03-19
  

  2.4.1

from canvas GitHub release notes

Commit messages

Package name: canvas

• 9d8da5b v2.9.1
• 4273771 Fix CI
• d7c4673 Add support for multi-byte font path on Windows
• ddce10f select fonts via postscript name on Linux
• 009d594 replace some remaining glib calls
• 6fd0fa5 make types compatible with typescript 4.6 (#1986)
• 0bccc05 bug: fix process crash in getImageData for PDF/SVG canvases
• 83a8df1 Add missing cctype include for toupper
• 5fc80e7 bug: stringify CanvasPattern, ImageData, CanvasGradient like browsers
• d603479 v2.9.0
• aed721d Update nan
• a721d51 Clean up isnan/isinf, use isfinite
• 604db27 Run standard --fix
• 324134b use classes/const/let etc
• 1980805 Fix building on M1 macOS
• a4b571b Point to troubleshooting guide in issue template
• 4a891ef Revert "export type NodeCanvasRenderingContext2D"
• e48cc30 Update has_lib.js to support Apple M1 with homebrew (#1872)
• d7ebfce Merge pull request #1623 from samizdatco/pattern-transform
• f27e10a src: remove semicolons from DOMMatrix.js
• e278660 lib: use strings for non-special cases (#1820)
• 8de64bd tests(): add failing test for direction rtl and textAlign START/END (#1824)
• 1e54481 Add `deregisterAllFonts` method. (#1811)
• 6bbc8cb changelog: update changelog

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.