This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.
v2.0.0
This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.
⚠️ Mind that our last stable version (v0.27.0) is more than one year old. Lots of things have happened in Decidim, so we recommend that you follow all the steps in this guide for updating your application. Enjoy the new design and features!
Security fixes
This release addresses several security issues:
CVE-2023-48220
CVE-2023-47634
CVE-2023-47635
CVE-2023-51447
The details regarding the security vulnerability will be published on February 20th 2024, which is two months after the release date of this version. For more information, please refer to our Security Policy.
We highly recommend updating to this version as soon as possible to ensure the security of your system.
1. Upgrade notes
As usual, we recommend that you have a full backup, of the database, application code and static files.
To update, follow these steps:
1.1. Update your ruby and node versions
For ruby, if you're using rbenv, this is done with the following commands:
rbenv install 3.1.1
rbenv local 3.1.1
If not, you need to adapt it to your environment. See "2.1. Ruby update to 3.1"
For node, if you're using nvm, this is done with the following commands:
nvm install 18.17.1
nvm use 18.17.1
If not, you need to adapt it to your environment. See "2.2. Node update to 18.17"
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AjuntamentdeBarcelona/decidim-barcelona/network/alerts).
Bumps d3-color to 3.1.0 and updates ancestor dependency @decidim/core. These dependencies need to be updated together.
Updates
d3-color
from 1.4.1 to 3.1.0Release notes
Sourced from d3-color's releases.
Commits
7a1573e
3.1.075c19c4
update LICENSEef94e01
update dependencies5e9f757
method shorthande4bc34e
formatHex8 (#103)ac660c6
{rgb,hsl}.clamp() (#102)70e3a04
clamp HSL format (#101)994d8fd
avoid backtracking (#100)7d61bbe
3.0.193bc4ff
related d3/d33; extract copyrights from LICENSEUpdates
@decidim/core
from 0.27.4 to 0.28.0Release notes
Sourced from
@decidim/core
's releases.... (truncated)
Changelog
Sourced from
@decidim/core
's changelog.... (truncated)
Commits
56b2e36
Bump to v0.28.0 final version (#12214)9007da6
Bump to v0.28.0.rc5 version (#12187)3242452
Prepare 0.28.0.rc4 release (#12148)8438ecd
Bump to v0.28.0.rc3 version (#12129)8f8990b
Bump to v0.28.0.rc2 version (#12114)588ea89
Bump to v0.28.0.rc1 version (#12094)5bb29b8
Bump@tiptap
packages from v2.0.3 to v2.1.12 (#11790)bedcc12
Clean-up Foundation CSS leftovers (#11796)4ad0bb7
Lock tom-select and core-js (#11792)612e4a1
Lock TipTap editor to ~2.0.3 (#11492)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show