
[Snyk] Upgrade canvas from 2.11.2 to 3.0.0 #2


Open: wants to merge 1 commit into base: master


@snyk-io snyk-io bot commented Jan 18, 2025


Snyk has created this PR to upgrade canvas from 2.11.2 to 3.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 7 versions ahead of your current version.

  • The recommended version was released 25 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | 131 | Proof of Concept |
| medium severity: Uncontrolled Resource Consumption ('Resource Exhaustion') (SNYK-JS-TAR-6476909) | 131 | Proof of Concept |

Release notes
Package name: canvas
  • 3.0.0 - 2024-12-23

    3.0.0

    This release notably changes to using N-API. 🎉

    Breaking

    • Dropped support for Node.js 16.x and below.

    Changed

    • Migrated to N-API (by way of node-addon-api) and removed libuv and v8 dependencies
    • Change from node-pre-gyp to prebuild-install
    • Defer the initialization of the op variable to the default switch case to avoid a compiler warning. (#2229)
    • Use a default switch case with a null statement if some enum values aren't supposed to be handled, this avoids a compiler warning. (#2229)
    • Migrate from librsvg's deprecated rsvg_handle_get_dimensions() and rsvg_handle_render_cairo() functions to the new rsvg_handle_get_intrinsic_size_in_pixels() and rsvg_handle_render_document() respectively. (#2229)
    • Avoid calling virtual methods in constructors/destructors to avoid bypassing virtual dispatch. (#2229)
    • Remove unused private field backend in the Backend class. (#2229)
    • Add Node.js v20 to CI. (#2237)
    • Replaced dtslint with tsd (#2313)
    • Changed PNG consts to static properties of Canvas class
    • Reverted improved font matching on Linux (#1572) because it doesn't work if fonts are installed. If you experience degraded font selection, please file an issue and use v3.0.0-rc3 in the meantime.

    Added

    • Added string tags to support class detection
    • Throw Cairo errors in canvas.toBuffer()

    Fixed

    • Fix a case of use-after-free. (#2229)
    • Fix usage of garbage value by filling the allocated memory entirely with zeros if it's not modified. (#2229)
    • Fix a potential memory leak. (#2229)
    • Fix the wrong type of setTransform
    • Fix the improper parsing of rgb functions issue. (#2300)
    • Fix issue related to improper parsing of leading and trailing whitespaces in CSS color. (#2301)
    • RGB functions should support real numbers now instead of just integers. (#2339)
    • Allow alternate or properly escaped quotes within font-family names
    • Fix TextMetrics type to include alphabeticBaseline, emHeightAscent, and emHeightDescent properties
    • Fix class properties should have defaults as standard js classes (#2390)
    • Fixed Exif orientation in JPEG files being ignored (#1670)
    • Align DOMMatrix/DOMPoint to spec by adding missing methods
  • 3.0.0-rc3 - 2024-12-07

    This release notably changes to using N-API. 🎉

    Breaking

    • Dropped support for Node.js 16.x and below.

    Changed

    • Migrated to N-API (by way of node-addon-api) and removed libuv and v8 dependencies
    • Change from node-pre-gyp to prebuild-install
    • Defer the initialization of the op variable to the default switch case to avoid a compiler warning. (#2229)
    • Use a default switch case with a null statement if some enum values aren't supposed to be handled, this avoids a compiler warning. (#2229)
    • Migrate from librsvg's deprecated rsvg_handle_get_dimensions() and rsvg_handle_render_cairo() functions to the new rsvg_handle_get_intrinsic_size_in_pixels() and rsvg_handle_render_document() respectively. (#2229)
    • Avoid calling virtual methods in constructors/destructors to avoid bypassing virtual dispatch. (#2229)
    • Remove unused private field backend in the Backend class. (#2229)
    • Add Node.js v20 to CI. (#2237)
    • Replaced dtslint with tsd (#2313)
    • Changed PNG consts to static properties of Canvas class

    Added

    • Added string tags to support class detection
    • Throw Cairo errors in canvas.toBuffer()

    Fixed

    • Fix a case of use-after-free. (#2229)
    • Fix usage of garbage value by filling the allocated memory entirely with zeros if it's not modified. (#2229)
    • Fix a potential memory leak. (#2229)
    • Fix the wrong type of setTransform
    • Fix the improper parsing of rgb functions issue. (#2300)
    • Fix issue related to improper parsing of leading and trailing whitespaces in CSS color. (#2301)
    • RGB functions should support real numbers now instead of just integers. (#2339)
    • Allow alternate or properly escaped quotes within font-family names
    • Fix TextMetrics type to include alphabeticBaseline, emHeightAscent, and emHeightDescent properties
    • Fix class properties should have defaults as standard js classes (#2390)
    • Fixed Exif orientation in JPEG files being ignored (#1670)
  • 3.0.0-rc2 - 2024-06-20

    Note

    Prebuilds are currently only available for Linux (x64, glibc), macOS (x64) and Windows (x64). Please give this version a try and let us know if you run into issues!

    npm install canvas@next

    This release notably changes to using N-API. 🎉

    Breaking

    • Dropped support for Node.js 16.x and below.

    Changed

    • Migrated to N-API (by way of node-addon-api) and removed libuv and v8 dependencies
    • Change from node-pre-gyp to prebuild-install
    • Defer the initialization of the op variable to the default switch case to avoid a compiler warning. (#2229)
    • Use a default switch case with a null statement if some enum values aren't supposed to be handled, this avoids a compiler warning. (#2229)
    • Migrate from librsvg's deprecated rsvg_handle_get_dimensions() and rsvg_handle_render_cairo() functions to the new rsvg_handle_get_intrinsic_size_in_pixels() and rsvg_handle_render_document() respectively. (#2229)
    • Avoid calling virtual methods in constructors/destructors to avoid bypassing virtual dispatch. (#2229)
    • Remove unused private field backend in the Backend class. (#2229)
    • Add Node.js v20 to CI. (#2237)
    • Replaced dtslint with tsd (#2313)

    Added

    • Added string tags to support class detection

    Fixed

    • Fix a case of use-after-free. (#2229)
    • Fix usage of garbage value by filling the allocated memory entirely with zeros if it's not modified. (#2229)
    • Fix a potential memory leak. (#2229)
    • Fix the wrong type of setTransform
  • 3.0.0-rc1e - 2024-06-20
  • 3.0.0-rc1d - 2024-06-19
  • 3.0.0-rc1c - 2024-06-19
  • 3.0.0-rc1b - 2024-06-19
  • 2.11.2 - 2023-04-02

    Note: this is the first version with prebuilds for Node.js v20.

    Fixed

    • Building on Windows in CI (and maybe other Windows configurations?) (#2216)
from canvas GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


semanticdiff-com bot commented Jan 18, 2025

Review changes with SemanticDiff

Changed Files

| File | Status |
| --- | --- |
| package.json | 0% smaller |


snyk-io bot commented Jan 18, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

license/snyk check is complete. No issues have been found. (View Details)
