[Snyk] Upgrade recharts from 2.1.16 to 2.15.4

[nejidevelops]

Snyk has created this PR to upgrade recharts from 2.1.16 to 2.15.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 55 versions ahead of your current version.

• The recommended version was released 7 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	586	Proof of Concept

Release notes

Package name: recharts

• 2.15.4 - 2025-06-20
  

  What's Changed

  Last 2.x patch - releasing since the @ babel/runtime vulnerability is showing up in some security scans. Hoping to release 3.0 on 6/22 🚀

  Fix

  • X/YAxis: fix issue where recharts class names did not get passed to custom tick components by @ MyungAe in #5840
  • Bar: allow minPointSize function to receive null and undefined values by @ eino in #5947
  • TypeScript: fix issue which caused build errors when allowSyntheticDefaultImports: false by @ tfaller in #5810

  Security

  • resolve @ babel/runtime ReDoS vulnerability (SNYK-JS-BABELRUNTIME-10044504) by @ moehaje in #5969
    • recharts isn't vulnerable to this per-se, but it does show up in security tooling like snyk

  New Contributors

  • @ moehaje made their first contribution in #5969

  Full Changelog: v2.15.3...v2.15.4

• 2.15.3 - 2025-04-18
  

  Last patch release before 3.0 🚀

  What's Changed

  Fix

  • XAxis: fix padding calculation for padding="gap" and padding="no-gap" when XAxis is type number by @ jackfletch in #5759

  Full Changelog: v2.15.2...v2.15.3

• 2.15.2 - 2025-04-03
  

  What's Changed

  Few bugfixes and bug fix backports for 2.x

  Fix

  • Bar/Rectangle: add index back to Bar Rectangle key to prevent duplicate key issues by @ ckifer in #5561
  • Dot: re-include points object in dotProps by @ brodriguezmilla in #5657
  • Tooltip: add SVGProps to Tooltip payload type to account for svg properties such as opacity passed by the user by @ ally1002 in #5712
  • Tooltip/Bar: fix activeBar prop not working when tooltip shared={false} by @ nizans in #5718
  • General: allow data-* props to be spread on svg elements and not be filtered out by @ prtmwrkr in #5666

  New Contributors

  • @ brodriguezmilla made their first contribution in #5657
  • @ nizans made their first contribution in #5718

  Full Changelog: v2.15.1...v2.15.2

• 2.15.1 - 2025-01-28
• 2.15.0 - 2024-12-12
• 2.14.1 - 2024-12-03
• 2.14.0 - 2024-12-02
• 2.13.3 - 2024-11-01
• 2.13.2 - 2024-10-30
• 2.13.1 - 2024-10-29
• 2.13.0 - 2024-10-10
• 2.13.0-alpha.5 - 2024-09-05
• 2.13.0-alpha.4 - 2024-06-02
• 2.13.0-alpha.3 - 2024-05-28
• 2.13.0-alpha.2 - 2024-05-26
• 2.13.0-alpha.1 - 2024-05-24
• 2.13.0-alpha.0 - 2024-05-24
• 2.12.7 - 2024-05-08
• 2.12.6 - 2024-04-21
• 2.12.5 - 2024-04-12
• 2.12.4 - 2024-04-04
• 2.12.3 - 2024-03-15
• 2.12.2 - 2024-03-01
• 2.12.1 - 2024-02-20
• 2.12.0 - 2024-02-09
• 2.11.0 - 2024-01-27
• 2.10.4 - 2024-01-09
• 2.10.3 - 2023-12-01
• 2.10.2 - 2023-11-29
• 2.10.1 - 2023-11-19
• 2.10.0 - 2023-11-19
• 2.9.3 - 2023-11-06
• 2.9.2 - 2023-11-01
• 2.9.1 - 2023-10-30
• 2.9.0 - 2023-10-15
• 2.8.0 - 2023-08-25
• 2.7.3 - 2023-08-08
• 2.7.2 - 2023-06-22
• 2.7.1 - 2023-06-15
• 2.7.0 - 2023-06-15
• 2.7.0-alpha.0 - 2023-05-26
• 2.6.2 - 2023-05-10
• 2.6.1 - 2023-05-10
• 2.6.0 - 2023-05-08
• 2.5.0 - 2023-03-15
• 2.4.3 - 2023-02-16
• 2.4.2 - 2023-02-15
• 2.4.1 - 2023-02-10
• 2.4.0 - 2023-02-09
• 2.3.2 - 2023-01-12
• 2.3.1 - 2023-01-12
• 2.3.0 - 2023-01-12
• 2.3.0-alpha.1 - 2023-01-05
• 2.3.0-alpha.0 - 2023-01-04
• 2.2.0 - 2022-12-08
• 2.1.16 - 2022-10-29

from recharts GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Summary of Changes

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a substantial upgrade of the recharts charting library to its latest stable version. The primary driver for this update is to remediate a known Regular Expression Denial of Service (ReDoS) vulnerability, ensuring the application remains secure. Beyond the security fix, this upgrade brings in a multitude of bug fixes and performance enhancements accumulated over many releases of recharts and its underlying D3.js-related dependencies. The dependency tree has been modernized, reflecting a cleaner and more up-to-date charting stack.

Highlights

• Recharts Upgrade: The recharts library has been upgraded from version 2.1.16 to 2.15.4, a significant jump across 55 versions.
• Security Fix: This upgrade addresses a critical Regular Expression Denial of Service (ReDoS) vulnerability (SNYK-JS-D3COLOR-1076592) identified in the d3-color dependency, improving the application's security posture.
• Dependency Updates and Refactoring: Numerous related dependencies, including various @types/d3-* and d3-* packages, fast-equals, internmap, and lodash, have been updated. Several older dependencies like classnames, css-unit-converter, react-lifecycles-compat, react-resize-detector, and reduce-css-calc have been removed, while clsx, tiny-invariant, and victory-vendor have been introduced.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request, automatically generated by Snyk, upgrades the recharts package from version 2.1.16 to 2.15.4. This upgrade addresses a Regular Expression Denial of Service (ReDoS) vulnerability (SNYK-JS-D3COLOR-1076592).

While this is a minor version bump for recharts itself, it's a substantial update across 55 versions and introduces major version upgrades for several transitive dependencies. I've highlighted the potential risk of breaking changes due to these underlying updates. It is crucial to perform thorough testing on all charting functionalities to ensure they continue to work as expected.

Overall, the upgrade is important for security, but due to the scale of the changes, careful validation is required before merging.

[gemini-code-assist]

This upgrade of recharts from 2.1.16 to 2.15.4 is a significant jump across 55 versions. While recharts itself is a minor version update, it introduces major version bumps for several of its transitive dependencies, such as d3-* packages (e.g., d3-array from v2 to v3), fast-equals (v2 to v5), and react-smooth (v2 to v4). These major updates could contain breaking changes that might affect how charts are rendered. Please test all charts thoroughly to ensure they still behave and render as expected after this upgrade.