Bump d3-color, d3 and d3-interpolate-path

[dependabot]

Bumps d3-color to 3.1.0 and updates ancestor dependencies d3-color, d3 and d3-interpolate-path. These dependencies need to be updated together.

Updates d3-color from 1.0.3 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

• Add rgb.clamp and hsl.clamp. #102
• Add color.formatHex8. #103
• Fix color.formatHsl to clamp values to the expected range. #83
• Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

v3.0.1

• Make build reproducible.

v3.0.0

• Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

v2.0.0

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

v1.4.1

• Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

v1.4.0

• Add support for parsing 4- and 8-digit hexadecimal colors. #60 Thanks, @​zerovox!
• Add sideEffects: false to the package.json.

v1.3.0

• Add color.copy.
• Add color.formatHex.
• Add color.formatHsl.
• Add color.formatRgb.
• Deprecate color.hex; use color.formatHex instead.

v1.2.8

• Revert chroma clamping in hcl.toString. (#33)

v1.2.7

• Account for rounding when determining whether a color is displayable.

v1.2.6

• Implement chroma clamping in hcl.toString. (#33)
• Fix achromatic representation of white in HCL colorspace (again).

v1.2.5

• Fix achromatic representation of white in HCL colorspace.

v1.2.4

• Fix achromatic representation of black and white in HCL colorspace.

v1.2.3

• Housekeeping.

... (truncated)

Commits

• 7a1573e 3.1.0
• 75c19c4 update LICENSE
• ef94e01 update dependencies
• 5e9f757 method shorthand
• e4bc34e formatHex8 (#103)
• ac660c6 {rgb,hsl}.clamp() (#102)
• 70e3a04 clamp HSL format (#101)
• 994d8fd avoid backtracking (#100)
• 7d61bbe 3.0.1
• 93bc4ff related d3/d33; extract copyrights from LICENSE
• Additional commits viewable in compare view

Updates d3 from 4.13.0 to 7.6.1

Release notes

Sourced from d3's releases.

v7.6.1

• density.bandwidth now supports fractional (non-integer) values.

v7.6.0

• Add d3.blur.
• Add d3.blur2.
• Add d3.blurImage.
• Add d3.medianIndex.
• Add d3.quantileIndex.

v7.5.0

• Add density.contours.

v7.4.5

• Fix the interpretation of an array of numbers passed to density.thresholds.

v7.4.4

• Fix incorrect behavior of d3.bisector when given an asymmetric comparator.

v7.4.3

• Fix crash in d3.bin. Thanks, @​weiglemc!

v7.4.2

• Fix off-by-one bin assignment due to rounding error in d3.bin.

v7.4.1

• Significantly improve the performance of d3.bin.
• Fix the implementation of d3.thresholdScott.
• d3.pack and d3.packEnclose are now fully deterministic.
• d3.pack and d3.packEnclose now handle certain floating point errors better.

v7.4.0

• Add rgb.clamp and hsl.clamp.
• Add color.formatHex8.
• Fix color.formatHsl to clamp values to the expected range.
• Fix catastrophic backtracking when parsing colors. SNYK-JS-D3COLOR-1076592

v7.3.0

• Add d3.symbolsStroke. Thanks, @​hemanrobinson!
• Add d3.symbolsFill, replacing (deprecating) d3.symbols.
• Add d3.symbolAsterisk.
• Add d3.symbolDiamond2.
• Add d3.symbolPlus.
• Add d3.symbolSquare2.
• Add d3.symbolTriangle2.
• Add d3.symbolX.
• Add d3.link.

v7.2.1

• Fix stratify.path when the top-level directory is only a single character.

... (truncated)

Commits

• 19302a5 7.6.1
• c1c2c0b d3-contour 4.0.0
• 795f203 7.6.0
• 22f1dc7 d3-array 3.2.0
• d618835 7.5.0
• d9f58e1 d3-contour 3.1.0
• 6d70571 7.4.5
• 7e9eba3 d3-contour 3.0.2
• 2f256d9 7.4.4
• 8ff8c81 d3-array 3.1.6
• Additional commits viewable in compare view

Updates d3-interpolate-path from 1.1.1 to 2.3.0

Release notes

Sourced from d3-interpolate-path's releases.

v2.3.0

• feat: adds in snapEndsToInput option per #47

v2.2.3

• Fixes the ESM build now that we have less files in the npm package #43

v2.2.2

• Fixes bug where the value at t=0 got mutated during interpolation
• Reduces files published to npm

v2.2.1

• Exposes pathCommandsFromString helper fo convenience converting path d strings to command object arrays.

v2.2.0

• Adds interpolatePathCommands to allow use of the plugin outside of SVG path strings (#35 #36)

v2.1.2

• Fixes bug with scientific notation #33

v2.1.0

• Resolves #25 by increasing performance up to 2x for initializing the interpolator and interpolating paths

v2.0.1

• Fixes #17 - bug with leading spaces in d attribute causing a crash

v2.0.0

• Switches to a segment splitting approach that improves curve interpolation
• Adds excludeSegment argument for better handling d3-area
• See #16 for details
• Opens #15 for extending lines (if a common situation for you, you may currently be better off using v1.1.1)

Commits

• 60fe235 2.3.0
• d8390d2 docs: try to improve jsdoc types
• 786c6c5 Merge pull request #48 from andyrichardson/add-end-snapping-option
• a0f73ef Add test for end snapping
• 45e1db5 Add snap ends option
• c673a76 2.2.3
• 1b4f2e1 build: update dependencies, address dev security
• 5dc0aa3 docs: fix readme links
• 525cafb 2.2.2
• 1dab012 Merge pull request #43 from fyrkant/feat/add-module-build
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[IvanMathy]

This PR cannot easily be merged, because all the UI Components depend on d3@4. Version 6 brought in some breaking changes (the main one of which being the deprecation of d3.event). The upgrade process will need to be manual in order not to break the build, which will require changing pretty much every UI component to support the new syntax.

Since this is a client-side library and that it is self contained, it should not be a security issue for now while a plan is put in place to upgrade the d3 version.

We added a PR workflow to catch the build being broken by dependency upgrades in the future.