Upgrade Highcharts - Cross Site Scripting vuln

[rjensen-r7]

Highcharts dependency needs to be upgraded to >= 8.1.1.

https://www.npmjs.com/advisories/1227
Overview
Versions of highcharts prior to 8.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize href values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser if they click the link.

Remediation
Upgrade to version 8.1.1 or later.

[lsiler-mdsol]

is anyone working on resolving this? @kirjs

[piyalcodes]

I'm also getting the same problem even for the latest version

Version installed:
"highcharts": "^8.2.0",
"react-highcharts": "^16.1.0",

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Cross-Site Scripting │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=7.2.2 <8.0.0 || >=8.1.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ react-highcharts > highcharts │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1227 │
└───────────────┴──────────────────────────────────────────────────────────────┘

Hope this will get fix sooner. 👍

[murb]

There is an official HighchartsReact wrapper now, which might be the path forward: https://github.com/highcharts/highcharts-react