Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump d3-color, d3-interpolate, d3-scale and d3-scale-chromatic #3009

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump d3-color, d3-interpolate, d3-scale and d3-scale-chromatic #3009

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 12, 2022

Bumps d3-color to 3.1.0 and updates ancestor dependencies d3-color, d3-interpolate, d3-scale and d3-scale-chromatic. These dependencies need to be updated together.

Updates d3-color from 2.0.0 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

v3.0.1

  • Make build reproducible.

v3.0.0

  • Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

Updates d3-interpolate from 2.0.1 to 3.0.1

Release notes

Sourced from d3-interpolate's releases.

v3.0.1

  • Update dependencies.
  • Make build reproducible.

v3.0.0

  • Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

Updates d3-scale from 3.3.0 to 4.0.2

Release notes

Sourced from d3-scale's releases.

v4.0.2

  • Default the base-10 log tick format to ~s instead of .0e. #255

v4.0.1

  • Fix log.ticks to return exact values for integer bases. #253
  • Fix log.tickFormat to trim trailing zeroes by default if no precision is specified. #254

v4.0.0

  • Adopt type: module. #246
  • Adopt InternMap for ordinal scale domains. #235
  • Update dependencies.
  • Make build reproducible.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

Updates d3-scale-chromatic from 2.0.0 to 3.0.0

Release notes

Sourced from d3-scale-chromatic's releases.

v3.0.0

  • Adopt type: module.
  • Update dependencies.
  • Make build reproducible.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump d3-color, d3-interpolate, d3-scale and d3-scale-chr…
9191b01 
…omatic

Bumps [d3-color](https://github.com/d3/d3-color) to 3.1.0 and updates ancestor dependencies [d3-color](https://github.com/d3/d3-color), [d3-interpolate](https://github.com/d3/d3-interpolate), [d3-scale](https://github.com/d3/d3-scale) and [d3-scale-chromatic](https://github.com/d3/d3-scale-chromatic). These dependencies need to be updated together.


Updates `d3-color` from 2.0.0 to 3.1.0
- [Release notes](https://github.com/d3/d3-color/releases)
- [Commits](d3/d3-color@v2.0.0...v3.1.0)

Updates `d3-interpolate` from 2.0.1 to 3.0.1
- [Release notes](https://github.com/d3/d3-interpolate/releases)
- [Commits](d3/d3-interpolate@v2.0.1...v3.0.1)

Updates `d3-scale` from 3.3.0 to 4.0.2
- [Release notes](https://github.com/d3/d3-scale/releases)
- [Commits](d3/d3-scale@v3.3.0...v4.0.2)

Updates `d3-scale-chromatic` from 2.0.0 to 3.0.0
- [Release notes](https://github.com/d3/d3-scale-chromatic/releases)
- [Commits](d3/d3-scale-chromatic@v2.0.0...v3.0.0)

---
updated-dependencies:
- dependency-name: d3-color
  dependency-type: indirect
- dependency-name: d3-interpolate
  dependency-type: direct:production
- dependency-name: d3-scale
  dependency-type: direct:production
- dependency-name: d3-scale-chromatic
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 12, 2022
@zavan zavan mentioned this pull request Oct 13, 2022
Closed
1 task
@mark-todd mark-todd mentioned this pull request Oct 17, 2022
Closed
@mark-todd
Copy link

#3012

@MikeSha
Copy link

MikeSha commented Oct 18, 2022

Any chance this PR to be merged?

@mark-todd
Copy link

Looking at the git history I suppose @arcthur manages releases? Given the severity of the vulnerability it probably is worthy of a minor release

herleraja
herleraja approved these changes Oct 27, 2022
View reviewed changes
Copy link

@herleraja herleraja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Fernando-Abreu
Copy link

When can we expect this to be merged?

@Fernando-Abreu
Copy link

d3-interpolate which should bump d3-color version to 3.1.0 was closed: d3/d3-interpolate#105. The version 3.0.1 still have the vulnerability issue

@eduardoribeiro
Copy link

Any updates on this? This is raising security vulnerabilities and seems that D3 solved this already.

@zhou9584 zhou9584 mentioned this pull request Dec 5, 2022
Closed
@arcthur arcthur closed this Dec 8, 2022
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 8, 2022

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/d3-color-and-d3-interpolate-and-d3-scale-and-d3-scale-chromatic-3.1.0 branch December 8, 2022 02:57
@ckifer ckifer mentioned this pull request Dec 27, 2022
Closed
8 tasks
@ckifer ckifer mentioned this pull request Jan 12, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@herleraja herleraja herleraja approved these changes

@EdmondCShaffer EdmondCShaffer EdmondCShaffer approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@mark-todd @MikeSha @Fernando-Abreu @eduardoribeiro @herleraja @EdmondCShaffer @arcthur