
[Snyk] Security upgrade @thoughtspot/ts-chart-sdk from 0.0.2-alpha.16 to 1.0.0 #211

Open
mnk-blr wants to merge 1 commit into main from snyk-fix-a85b8ab79cdca5a2ff141bd6dfa10144

Conversation

mnk-blr commented Feb 27, 2026

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • example/gauge/package.json
  • example/gauge/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue: high severity Directory Traversal (SNYK-JS-ROLLUP-15340920)
Score: 234

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal

…reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ROLLUP-15340920
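One check a reviewer would want before merging a transitive-dependency fix like this one: confirm that the updated package-lock.json no longer resolves any copy of rollup below the advisory's fixed version, including copies nested under node_modules/@thoughtspot/ts-chart-sdk/node_modules. The script below is an added example in JavaScript, not code from this PR or from the ts-chart-sdk project; the lockfile contents, the version numbers and the MIN_FIXED threshold are constructed placeholders (the real threshold comes from the SNYK-JS-ROLLUP-15340920 advisory linked above).

```javascript
// Added example (not part of the PR or the ts-chart-sdk project): walk an npm
// package-lock.json (lockfileVersion 2 or 3, which carry a "packages" map keyed
// by install path) and report every resolved copy of a package, including
// nested copies under node_modules/<dep>/node_modules/<pkg>. Each copy is then
// compared against a minimum fixed version supplied by the caller.

// Compare two "x.y.z" version strings numerically. Pre-release suffixes are
// stripped before comparing, an assumption that is adequate for this check.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const da = pa[i] || 0;
    const db = pb[i] || 0;
    if (da !== db) return da < db ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` as [{ path, version }]. The key ""
// is the root project and is skipped. Scoped names contain a slash, so the
// match is on the "node_modules/<name>" suffix, not on the last path segment.
function findInstalledCopies(lock, name) {
  const packages = lock.packages || {};
  const copies = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === '') continue;
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
      copies.push({ path, version: entry.version });
    }
  }
  return copies;
}

// Copies of `name` still below `minFixed`. An empty result means the lockfile
// resolves only patched versions, at every nesting level.
function unpatchedCopies(lock, name, minFixed) {
  return findInstalledCopies(lock, name)
    .filter((c) => compareVersions(c.version, minFixed) < 0);
}

// Constructed lockfile: the top-level rollup is patched, but the SDK pins an
// older nested copy. All versions here are illustrative placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { '@thoughtspot/ts-chart-sdk': '1.0.0' } },
    'node_modules/@thoughtspot/ts-chart-sdk': {
      version: '1.0.0',
      dependencies: { rollup: '^2.0.0' },
    },
    'node_modules/@thoughtspot/ts-chart-sdk/node_modules/rollup': { version: '2.0.0' },
    'node_modules/rollup': { version: '3.0.0' },
  },
};

// Placeholder threshold; replace with the fixed version from the Snyk advisory.
const MIN_FIXED = '2.1.0';

// Human-readable report, one line per unpatched copy.
function report(lock, name, minFixed) {
  return unpatchedCopies(lock, name, minFixed)
    .map((c) => `still vulnerable: ${c.path}@${c.version}`);
}

for (const line of report(SAMPLE_LOCK, 'rollup', MIN_FIXED)) console.log(line);
```

To run this against the PR, load example/gauge/package-lock.json with JSON.parse and pass it in place of SAMPLE_LOCK; a non-empty report means the upgrade did not reach every copy and `npm ls rollup` in example/gauge will show which dependency still pulls the old one in.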
github-actions commented

File Coverage
All files 88%
src/main/custom-chart-context.ts 86%
src/main/logger.ts 88%
src/main/post-message-event-bridge.ts 77%
src/react/use-custom-chart-context.tsx 86%
src/react/mocks/custom-chart-context-mock.ts 96%
src/utils/chart-config.ts 82%
src/utils/date-formatting.ts 82%
src/utils/formatting-util.ts 89%
src/utils/conditional-formatting/conditional-formatting.ts 92%
src/utils/globalize-Initializer/globalize-utils.ts 95%
src/utils/number-formatting/number-formatting-utils.ts 98%
src/utils/number-formatting/number-formatting.ts 90%

Minimum allowed coverage is 0%

Generated by 🐒 cobertura-action against c5c12ba

},
"dependencies": {
"@thoughtspot/ts-chart-sdk": "0.0.2-alpha.16",
"@thoughtspot/ts-chart-sdk": "1.0.0",
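Review bot: the rendered diff pins the dependency to the exact version `"1.0.0"`, not the caret range `^1.0.0` that the review comment below describes; confirm which form is actually in example/gauge/package.json, because with an exact pin the transitive rollup fix has to come from the accompanying package-lock.json change rather than from future resolution. Also check that the lockfile change in this PR resolves every copy of rollup under example/gauge, including any nested under node_modules/@thoughtspot/ts-chart-sdk/node_modules, to a version the Snyk advisory lists as fixed; `npm ls rollup` in example/gauge shows the resolved tree.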

Contributor

🚨 Critical Version Inconsistency

This change upgrades to SDK version 1.0.0, but this creates a significant version inconsistency:

  • Other examples use @thoughtspot/ts-chart-sdk: 2.7.6
  • Main SDK is at version 2.9.2
  • This gauge example would be running a major version behind

Recommendation: Use the same version as other examples (2.7.6) or latest (2.9.2) to ensure API compatibility and consistency across examples.

Potential Impact: Users following the gauge example might encounter deprecated APIs or missing features available in newer versions.

},
"dependencies": {
"@thoughtspot/ts-chart-sdk": "0.0.2-alpha.16",
"@thoughtspot/ts-chart-sdk": "1.0.0",

Contributor

📋 Semver Format Change

Note: This change also switches from an exact version (0.0.2-alpha.16) to a caret range (^1.0.0).

While caret ranges are generally good practice for automatic minor/patch updates, ensure this aligns with your dependency management strategy across all examples.

claude Bot (Contributor) commented Feb 27, 2026

🔍 Code Review Summary

Status: ❌ Not Recommended for Merge

Critical Issues Found

🚨 Major Version Inconsistency

  • This PR upgrades the gauge example to SDK 1.0.0, creating a significant version mismatch
  • Other examples use SDK 2.7.6, while main SDK is at 2.9.2
  • Running the gauge example with 1.0.0 means using APIs that are 2+ major versions behind

⚠️ Potential Breaking Changes

  • Jump from 0.0.2-alpha.16 to 1.0.0 may introduce undocumented breaking changes
  • Dependency conflicts with promise-postmessage versions could affect SDK communication

Recommendations

  1. Fix Version Consistency: Update gauge example to use the same SDK version as other examples (2.7.6) or latest (2.9.2)
  2. Verify Compatibility: Ensure the gauge example works correctly with the newer SDK version
  3. Update Documentation: Add version compatibility guidance for examples

Security Note

While this PR addresses Snyk security vulnerabilities, the version downgrade may reintroduce other security issues present in older SDK versions.

Verdict: Please address the version inconsistency before merging to maintain example consistency and avoid potential API compatibility issues.


2 participants