Bump chart.js and admin-lte #15

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/multi-57469e29a5
@dependabot dependabot Bot commented on behalf of github Jan 14, 2026

Bumps chart.js to 2.9.4 and updates ancestor dependency admin-lte. These dependencies need to be updated together.

Updates chart.js from 1.1.1 to 2.9.4

Release notes

Sourced from chart.js's releases.

v2.9.4

This is the last release of v2 and focused on fixing bugs identified in the v2.9.3 release.

Bugs Fixed

  • #7404 - Preserve prototypes when cloning. Thanks @​iddings
  • #7587 - Fix docs for external moment.js. Thanks @​mojoaxel
  • #7853 - Fix box recursion when dimensions are NaN. Thanks @​alessandroasm
  • #7883 - Fix call stack exception when computing label sizes. Thanks @​silentmatt
  • #7918 - Prevent global prototype pollution via the merge helper
  • #7920 - Use Object.create(null) as merge target, to prevent prototype pollution

v2.9.3

Bug Fixes

  • #6698 Fix undefined variable
  • #6719 Don't make legend empty when fill is false

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​kurkle, @​benmccann, and @​etimberg).

v2.9.2

Bug Fixes

  • #6641 IE11 & Edge compatible style injection
  • #6655 Backwards compatible default fill for radar charts
  • #6660 Improve clipping of line charts when border widths are large
  • #6661 When a legend item is clicked, make sure the correct item is hidden
  • #6663 Refresh package-lock file to pick up new dependency

Performance

  • #6671 Stop unnecessary line calculations

Documentation

  • #6643 Combine performance documentation sections

Thanks to the maintainers and collaborators for their help to improve and test Chart.js (@​nagix, @​kurkle, @​benmccann, @​etimberg and @​simonbrunel).

v2.9.1

Bug Fixes

  • #6603 Fix deprecation warnings for horizontal bar charts
  • #6608 Fix zoom plugin by no longer clipping scale.getDecimalForPixel to the chart area
  • #6617 Non numeric Y axes did not work

Documentation

  • #6613 Add link to performance documentation

... (truncated)

Maintainer changes

This version was pushed to npm by etimberg, a new releaser for chart.js since your current version.


Updates admin-lte from 2.4.18 to 4.0.0-rc6

Release notes

Sourced from admin-lte's releases.

AdminLTE v4.0.0-rc4

What's New

  • Updated Dependencies: 8 npm packages updated to latest versions for improved security and performance
  • Refined Mobile Image Fix: Streamlined image path resolution by removing JavaScript runtime fix in favor of build-time HTML generation
  • Better Performance: Images now load faster with no runtime path corrections needed

Updated Packages

  • @​rollup/plugin-typescript: 12.1.3 → 12.1.4
  • @​typescript-eslint/eslint-plugin: 8.35.1 → 8.36.0
  • @​typescript-eslint/parser: 8.35.1 → 8.36.0
  • astro: 5.10.0 → 5.11.0
  • eslint: 9.30.0 → 9.30.1
  • prettier: 3.5.3 → 3.6.2
  • rollup: 4.44.0 → 4.44.2
  • stylelint: 16.21.0 → 16.21.1

Installation

npm install admin-lte@4.0.0-rc4

Key Improvements from 4.0.0-rc3

  • Zero 404 Errors: All images now use relative paths generated at build time
  • Cleaner Code: Removed JavaScript runtime path fixes that caused console errors
  • Latest Tools: Updated to newest versions of TypeScript, ESLint, Prettier, and build tools

AdminLTE v4.0.0-rc1 - Major Modernization Release

This release represents a complete modernization of the AdminLTE codebase, bringing it up to current standards with the latest tooling, dependencies, and best practices.

Key Highlights

  • Zero Security Vulnerabilities - All dependencies updated and vulnerabilities resolved
  • Modern Tooling - ESLint v9, Astro 5.x, latest Stylelint and build tools
  • Better Developer Experience - New npm start command, improved scripts, cleaner builds
  • Latest Dependencies - Bootstrap 5.3.7, Node.js ES modules, 50+ package updates
  • Code Quality - Zero linting errors, removed technical debt, standardized formatting
  • Future-Ready - Modern configuration patterns, optimal bundle sizes, enhanced maintainability

Quick Start

# Install dependencies
npm install

# Start development server
npm start

... (truncated)

Changelog

Sourced from admin-lte's changelog.

[4.0.0-rc6] - 2025-12-08

Security

  • Fixed 4 Security Vulnerabilities: Resolved all npm audit security issues
    • Fixed high severity reflected XSS vulnerability in Astro server islands
    • Fixed moderate severity authentication bypass via url.pathname in Astro
    • Fixed moderate severity stored XSS in Astro Cloudflare adapter /_image endpoint
    • Fixed moderate severity unsanitized class attribute in mdast-util-to-hast
    • All vulnerabilities resolved by updating to Astro 5.16.4+

Added

  • Sidebar State Persistence: New feature to remember sidebar collapsed/expanded state
    • Sidebar state now persists across page refreshes using localStorage
    • Configurable via enablePersistence option (default: true)
    • SSR-safe implementation with proper environment checks
    • Mobile-aware: doesn't restore state on small screens (respects responsive breakpoints)
    • Graceful error handling for private browsing mode
    • Storage key: lte.sidebar.state

Changed

  • GitHub Actions: Updated all workflows to Node.js 22 (from Node.js 18)
    • Node.js 18 reached End-of-Life on April 30, 2025
    • Node.js 22 is the current Active LTS (supported until April 2027)
    • Updated setup-node action from v3 to v4 across all workflows
    • Updated CodeQL actions from v2 to v3
    • Added FORCE_COLOR: 2 environment variable to codeql.yml for consistency

Fixed

  • Release Workflow: Fixed zip command in release.yml
    • Corrected -d flag to -r for recursive directory zipping
    • Fixed filename inconsistency in release artifacts
  • Nested Card Expand Icon: Fixed issue #5909 where nested collapsed cards didn't show expand icon
    • Updated CSS selectors to use direct child (>) scoping for card state icons
    • Collapse/expand icons now correctly display for nested cards independently
    • Card body/footer display rules now only affect direct children, not nested cards
  • Card Widget JavaScript: Fixed nested card collapse/expand affecting child cards
    • Added :scope > selector to only target direct card-body/footer children
    • Prevents parent card collapse from affecting nested card animations

Updated

  • Dependencies: Updated 15+ packages to latest versions
    • @​astrojs/check: 0.9.5 → 0.9.6
    • @​astrojs/mdx: 4.3.9 → 4.3.12
    • @​rollup/plugin-typescript: 12.1.3 → 12.3.0
    • @​typescript-eslint/eslint-plugin: 8.46.2 → 8.48.1

... (truncated)

Maintainer changes

This version was pushed to npm by silkalns, a new releaser for admin-lte since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [chart.js](https://github.com/chartjs/Chart.js) to 2.9.4 and updates ancestor dependency [admin-lte](https://github.com/ColorlibHQ/AdminLTE). These dependencies need to be updated together.


Updates `chart.js` from 1.1.1 to 2.9.4
- [Release notes](https://github.com/chartjs/Chart.js/releases)
- [Commits](chartjs/Chart.js@v1.1.1...v2.9.4)

Updates `admin-lte` from 2.4.18 to 4.0.0-rc6
- [Release notes](https://github.com/ColorlibHQ/AdminLTE/releases)
- [Changelog](https://github.com/ColorlibHQ/AdminLTE/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ColorlibHQ/AdminLTE/commits)

---
updated-dependencies:
- dependency-name: chart.js
  dependency-version: 2.9.4
  dependency-type: indirect
- dependency-name: admin-lte
  dependency-version: 4.0.0-rc6
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Jan 14, 2026
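
The chart.js v2.9.4 notes quoted above list two prototype-pollution fixes in the merge helper (#7918, #7920). As an added illustration, not Chart.js's code and not part of the Dependabot comment, this JavaScript contrasts a naive recursive merge with a hardened one; every function name and the sample JSON are constructed for this example.

```javascript
// Added example (not Chart.js source): a naive deep merge beside a hardened one.
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Naive merge: recurses into whatever target[key] resolves to.
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      // For key "__proto__" on an ordinary object, target[key] is Object.prototype,
      // so the recursive call writes attacker-chosen keys onto every object.
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skips prototype-related keys and builds every nested
// container with Object.create(null), so no write can reach Object.prototype.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : null;
      target[key] = safeMerge(isPlainObject(own) ? own : Object.create(null), value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed input: untrusted JSON options with a nested "__proto__" key.
const UNTRUSTED = '{"title":"Sales","scales":{"__proto__":{"polluted":true}}}';

function demo(merge, target) {
  try {
    const merged = merge(target, JSON.parse(UNTRUSTED));
    return { title: merged.title, polluted: ({}).polluted === true };
  } finally {
    delete Object.prototype.polluted; // undo the demo's global side effect
  }
}

console.log(demo(naiveMerge, {}), demo(safeMerge, Object.create(null)));
```

Because the payload is nested, giving the naive merge a null-prototype top-level target does not help: its inner containers are still ordinary objects, which is why the hardened version applies both measures at every level.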