CVE-2023-32681

Advisory

Highcharts-core 1.2.0 updates its dependency 'requests' to v2.31.0 to include a security fix.
https://github.com/highcharts-for-python/highcharts-core/commit/199f42b7ab5759411c923d0a24fd26b57aa25f25

Affected package

Affected versions

Fixed versions

Vulnerability changelog

=========================================

* **ENHANCEMENT:** Align the API to **Highcharts (JS) v.11.1** (52). In particular, this includes:

* Added ``AccessibilityPoint.description_format`` property.
* Added support for ``.legend_symbol`` to plot options and series options.
* Added ``.border_radius`` support to ``FunnelOptions`` and ``FunnelSeries``.
* Added ``.interpolation`` support to ``HeatmapOptions`` and descendents.
* Added ``.point_description_format`` support to ``SeriesOptions`` and descendents.
* Added ``.fill_space`` support to ``TreegraphOptions`` and descendents.
* Added ``.crossing`` support to axes.
* Added ``.format`` support to ``Tooltip``.

* **ENHANCEMENT:** Added support for the inclusion of scripts based on features used in the chart (12).
* **ENHANCEMENT:** Added ``dict`` support to ``.style`` property on labels and titles.
* **DOCS:** Various documentation updates and fixes.
* **DEPENDENCY:** Bumped ``requests`` version for security patch.

------------------

Resources

• https://pypi.org/project/highcharts-core
• https://pyup.io/changelogs/highcharts-core/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32681