search

MCS-Lite / mcs-lite

🎛 MCS Lite Common UI and Websites.
https://mcslite.netlify.com
MIT License
75 stars 9 forks source link

fix(deps): update dependency d3-color to v3 [security] #678

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
d3-color (source) ^1.0.3 -> ^3.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

GHSA-36jr-mh4h-2g58

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

Release Notes

d3/d3-color (d3-color) ### [`v3.1.0`](https://togithub.com/d3/d3-color/releases/tag/v3.1.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v3.0.1...v3.1.0) - Add [*rgb*.clamp](https://togithub.com/d3/d3-color/blob/main/README.md#rgb_clamp) and [*hsl*.clamp](https://togithub.com/d3/d3-color/blob/main/README.md#hsl_clamp). [#​102](https://togithub.com/d3/d3-color/issues/102) - Add [*color*.formatHex8](https://togithub.com/d3/d3-color/blob/main/README.md#color_formatHex8). [#​103](https://togithub.com/d3/d3-color/issues/103) - Fix [*color*.formatHsl](https://togithub.com/d3/d3-color/blob/main/README.md#color_formatHsl) to clamp values to the expected range. [#​83](https://togithub.com/d3/d3-color/issues/83) - Fix catastrophic backtracking when parsing colors. [#​89](https://togithub.com/d3/d3-color/issues/89) [#​97](https://togithub.com/d3/d3-color/issues/97) [#​99](https://togithub.com/d3/d3-color/issues/99) [#​100](https://togithub.com/d3/d3-color/issues/100) [SNYK-JS-D3COLOR-1076592](https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592) ### [`v3.0.1`](https://togithub.com/d3/d3-color/releases/tag/v3.0.1) [Compare Source](https://togithub.com/d3/d3-color/compare/v3.0.0...v3.0.1) - Make build reproducible. ### [`v3.0.0`](https://togithub.com/d3/d3-color/releases/tag/v3.0.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v2.0.0...v3.0.0) - Adopt type: module. This package now requires Node.js 12 or higher. For more, please read [Sindre Sorhus’s FAQ](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c). ### [`v2.0.0`](https://togithub.com/d3/d3-color/releases/tag/v2.0.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.4.1...v2.0.0) This release adopts ES2015 language features such as [for-of](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for...of) and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler. ### [`v1.4.1`](https://togithub.com/d3/d3-color/releases/tag/v1.4.1) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.4.0...v1.4.1) - Fix parsing of 4- and 8-digit hexadecimal transparent colors. [#​52](https://togithub.com/d3/d3-color/issues/52) ### [`v1.4.0`](https://togithub.com/d3/d3-color/releases/tag/v1.4.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.3.0...v1.4.0) - Add support for parsing 4- and 8-digit hexadecimal colors. [#​60](https://togithub.com/d3/d3-color/issues/60) Thanks, [@​zerovox](https://togithub.com/zerovox)! - Add sideEffects: false to the package.json. ### [`v1.3.0`](https://togithub.com/d3/d3-color/releases/tag/v1.3.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.8...v1.3.0) - Add [*color*.copy](https://togithub.com/d3/d3-color/blob/master/README.md#color_copy). - Add [*color*.formatHex](https://togithub.com/d3/d3-color/blob/master/README.md#color_formatHex). - Add [*color*.formatHsl](https://togithub.com/d3/d3-color/blob/master/README.md#color_formatHsl). - Add [*color*.formatRgb](https://togithub.com/d3/d3-color/blob/master/README.md#color_formatRgb). - Deprecate *color*.hex; use *color*.formatHex instead. ### [`v1.2.8`](https://togithub.com/d3/d3-color/releases/tag/v1.2.8) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.7...v1.2.8) - Revert chroma clamping in *hcl*.toString. ([#​33](https://togithub.com/d3/d3-color/issues/33)) ### [`v1.2.7`](https://togithub.com/d3/d3-color/releases/tag/v1.2.7) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.6...v1.2.7) - Account for rounding when determining whether a color is displayable. ### [`v1.2.6`](https://togithub.com/d3/d3-color/releases/tag/v1.2.6) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.5...v1.2.6) - Implement chroma clamping in [*hcl*.toString](https://togithub.com/d3/d3-color/blob/master/README.md#hcl). ([#​33](https://togithub.com/d3/d3-color/issues/33)) - Fix achromatic representation of white in HCL colorspace (again). ### [`v1.2.5`](https://togithub.com/d3/d3-color/releases/tag/v1.2.5) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.4...v1.2.5) - Fix achromatic representation of white in HCL colorspace. ### [`v1.2.4`](https://togithub.com/d3/d3-color/releases/tag/v1.2.4) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.3...v1.2.4) - Fix achromatic representation of black and white in HCL colorspace. ### [`v1.2.3`](https://togithub.com/d3/d3-color/releases/tag/v1.2.3) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.2...v1.2.3) - Housekeeping. ### [`v1.2.2`](https://togithub.com/d3/d3-color/releases/tag/v1.2.2) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.1...v1.2.2) - Update dependencies, again. ### [`v1.2.1`](https://togithub.com/d3/d3-color/releases/tag/v1.2.1) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.2.0...v1.2.1) - Update dependencies. ### [`v1.2.0`](https://togithub.com/d3/d3-color/releases/tag/v1.2.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.1.0...v1.2.0) - Add [*color*.hex](https://togithub.com/d3/d3-color/blob/master/README.md#color_hex). ### [`v1.1.0`](https://togithub.com/d3/d3-color/releases/tag/v1.1.0) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.0.4...v1.1.0) - Add [d3.lch](https://togithub.com/d3/d3-color/blob/master/README.md#lch) convenience wrapper for [d3.hcl](https://togithub.com/d3/d3-color/blob/master/README.md#lch). - Add [d3.gray](https://togithub.com/d3/d3-color/blob/master/README.md#gray) convenience wrapper for [d3.lab](https://togithub.com/d3/d3-color/blob/master/README.md#lab). ### [`v1.0.4`](https://togithub.com/d3/d3-color/releases/tag/v1.0.4) [Compare Source](https://togithub.com/d3/d3-color/compare/v1.0.3...v1.0.4) - Switch from D65 to D50 for [Lab and HCL color spaces](https://beta.observablehq.com/@​mbostock/lab-and-rgb). Thanks, [@​danburzo](https://togithub.com/danburzo)! ([#​46](https://togithub.com/d3/d3-color/issues/46)) - Fix Lab and HCL representation of [achromatic colors](https://beta.observablehq.com/@​mbostock/achromatic-interpolation-test). ([d3/d3-interpolate#50](https://togithub.com/d3/d3-interpolate/issues/50))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.