fix(deps): update dependency d3-color to v3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
d3-color (source)	^1.2.3 → ^3.0.0

---

d3-color vulnerable to ReDoS

GHSA-36jr-mh4h-2g58

More information

Details

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

Severity

High

References

• https://github.com/d3/d3-color/pull/100
• https://github.com/d3/d3-color/releases/tag/v3.1.0
• https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592
• https://github.com/advisories/GHSA-36jr-mh4h-2g58

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

d3/d3-color (d3-color)

v3.1.0

Compare Source

• Add rgb.clamp and hsl.clamp. #​102
• Add color.formatHex8. #​103
• Fix color.formatHsl to clamp values to the expected range. #​83
• Fix catastrophic backtracking when parsing colors. #​89 #​97 #​99 #​100 SNYK-JS-D3COLOR-1076592

v3.0.1

Compare Source

• Make build reproducible.

v3.0.0

Compare Source

• Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

Compare Source

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

Compare Source

• Fix parsing of 4- and 8-digit hexadecimal transparent colors. #​52

v1.4.0

Compare Source

• Add support for parsing 4- and 8-digit hexadecimal colors. #​60 Thanks, @​zerovox!
• Add sideEffects: false to the package.json.

v1.3.0

Compare Source

• Add color.copy.
• Add color.formatHex.
• Add color.formatHsl.
• Add color.formatRgb.
• Deprecate color.hex; use color.formatHex instead.

v1.2.8

Compare Source

• Revert chroma clamping in hcl.toString. (#​33)

v1.2.7

Compare Source

• Account for rounding when determining whether a color is displayable.

v1.2.6

Compare Source

• Implement chroma clamping in hcl.toString. (#​33)
• Fix achromatic representation of white in HCL colorspace (again).

v1.2.5

Compare Source

• Fix achromatic representation of white in HCL colorspace.

v1.2.4

Compare Source

• Fix achromatic representation of black and white in HCL colorspace.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

❌ fail

Name	Link
🔨 Latest commit	a68b577
🔍 Latest deploy log	https://app.netlify.com/sites/mcs-ui/deploys/637a433e669377000968dc81

[netlify]

❌ fail

Name	Link
🔨 Latest commit	5de1233
🔍 Latest deploy log	https://app.netlify.com/projects/mcs-ui/deploys/69eff1a423e49f000881612d