Skip to content

Commit e30da31

Browse files
committed
fix(deps): bump echarts to 6.1.0 to patch XSS vulnerability
Fixes GHSA-fgmj-fm8m-jvvx / CVE-2026-45249 — Lines series tooltip rendering could execute raw HTML from series.data[i].name when no custom tooltip.formatter is set.
1 parent 0507acf commit e30da31

2 files changed

Lines changed: 4 additions & 4 deletions

File tree

apps/sim/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -140,7 +140,7 @@
140140
"docx": "^9.6.1",
141141
"docx-preview": "^0.3.7",
142142
"drizzle-orm": "^0.45.2",
143-
"echarts": "6.0.0",
143+
"echarts": "6.1.0",
144144
"es-toolkit": "1.45.1",
145145
"ffmpeg-static": "5.3.0",
146146
"fluent-ffmpeg": "2.1.3",

bun.lock

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)