package/chartjs: security bump to 2.9.4

CVE-2020-7746 (https://nvd.nist.gov/vuln/detail/CVE-2020-7746)

    The options parameter is not properly sanitized when it is processed.
    When the options are processed, the existing options (or the defaults
    options) are deeply merged with provided options. However, during this
    operation, the keys of the object being set are not checked, leading to
    a prototype pollution.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

diff --git a/package/chartjs/chartjs.hash b/package/chartjs/chartjs.hash
index a029d16ab1b545579c1bbe32e241dc6e8ea93a12..de4d6d4ebfa7bbe76e5674b3234bf7eab06dda4a 100644 (file)
--- a/package/chartjs/chartjs.hash
+++ b/package/chartjs/chartjs.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256 8079d8fd39131fcfaec33f1c7799412bcf8e051e25b10bd6e37fc16159417aa1  chartjs-2.9.3.tar.gz
+sha256 9ef3697e279a585c79730f35dba16ad4e24ddeed49a150adb341c31f191fb78e  chartjs-2.9.4.tar.gz
 sha256 7b43caae91f31b18dc81fae6e0f7aa1acbecaa6d84e3249905cbe15308307d67  LICENSE.md

diff --git a/package/chartjs/chartjs.mk b/package/chartjs/chartjs.mk
index 960b3e24afcb21d0b4b5eb39d425ac48f07a3551..82c86dc6cc7c54c13c4773ea77840f2d09241213 100644 (file)
--- a/package/chartjs/chartjs.mk
+++ b/package/chartjs/chartjs.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-CHARTJS_VERSION = 2.9.3
+CHARTJS_VERSION = 2.9.4
 CHARTJS_SITE = $(call github,chartjs,Chart.js,v$(CHARTJS_VERSION))
 CHARTJS_LICENSE = MIT
 CHARTJS_LICENSE_FILES = LICENSE.md