[Snyk] Upgrade d3 from 5.16.0 to 7.9.0

[Clemens-git76]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade d3 from 5.16.0 to 7.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 43 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-03-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Origin Validation Error SNYK-JS-KOACORS-6117545	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: d3

• 7.9.0 - 2024-03-12
  
  • Add d3.schemeObservable10. d3/d3-scale-chromatic#51
  • Change d3.geoCircle precision to 2 degrees. d3/d3-geo#281
  • Set projection.clipAngle precision to 2 degrees. d3/d3-geo#282
• 7.8.5 - 2023-06-03
  
  • Fix the return value of d3.medianIndex and d3.quantileIndex when the data contains missing values. #275
• 7.8.4 - 2023-04-01
  
  • Fix circumcenters when the hull is collinear. d3/d3-delaunay#142
• 7.8.3 - 2023-03-25
  
  • Fix precision error calculating voronoi.neighbors. d3/d3-delaunay#138 d3/d3-delaunay#139
  • Fix broken polygon. d3/d3-delaunay#140
  • Fix threshold generation when input is empty or has no deviation. d3/d3-array#271
• 7.8.2 - 2023-01-18
  
  • d3.ticks now tries harder to generate at least one tick. d3/d3-array#264
• 7.8.1 - 2023-01-11
  
  • Tolerate invalid input values when generating contours. #61
  • Tolerate invalid input weights when generating density contours. #65
  • Fix missing contours at extrema when using default thresholds. #68
• 7.8.0 - 2022-12-20
  
  • Add d3.pathRound.
  • Add configurable precision when generating path data via path.digits.
  • Add likewise shape.digits method to d3.arc, d3.area, d3.line, d3.link, and d3.symbol.
  • Improve the performance of d3.geoPath’s string concatenation.
  • Fix arc rendering for small arcs with rounded corners.
  • Fix BumpRadial implementation to support multiple points.
  • Fix projection when lambda is outside the range ±3π.
  • Rename d3.symbolX to d3.symbolTimes; d3.symbolX is now deprecated.
• 7.7.0 - 2022-12-03
  
  • Add d3.unixDay and d3.unixDays. d3/d3-time#58
  • Adopt d3.unixDay in place of d3.utcDay for d3.utcTicks to ensure uniform tick spacing.
  • Fix mutation of user-owned thresholds in d3.bin. d3/d3-array#263
  • Fix infinite loop when d3.quantile or d3.quickselect is called with invalid arguments. d3/d3-array#262
• 7.6.1 - 2022-07-03
  
  • density.bandwidth now supports fractional (non-integer) values.
• 7.6.0 - 2022-07-03
  
  • Add d3.blur.
  • Add d3.blur2.
  • Add d3.blurImage.
  • Add d3.medianIndex.
  • Add d3.quantileIndex.
• 7.5.0 - 2022-06-26
• 7.4.5 - 2022-06-24
• 7.4.4 - 2022-04-11
• 7.4.3 - 2022-04-07
• 7.4.2 - 2022-04-03
• 7.4.1 - 2022-04-02
• 7.4.0 - 2022-03-28
• 7.3.0 - 2022-01-07
• 7.2.1 - 2021-12-10
• 7.2.0 - 2021-12-04
• 7.1.1 - 2021-10-03
• 7.1.0 - 2021-10-01
• 7.0.4 - 2021-09-24
• 7.0.3 - 2021-09-20
• 7.0.2 - 2021-09-19
• 7.0.1 - 2021-08-16
• 7.0.0 - 2021-06-11
• 6.7.0 - 2021-04-16
• 6.6.2 - 2021-03-29
• 6.6.1 - 2021-03-24
• 6.6.0 - 2021-03-10
• 6.5.0 - 2021-01-25
• 6.4.0 - 2021-01-22
• 6.3.1 - 2020-12-08
• 6.3.0 - 2020-12-03
• 6.2.0 - 2020-09-23
• 6.1.1 - 2020-08-31
• 6.1.0 - 2020-08-29
• 6.0.0 - 2020-08-26
• 6.0.0-rc.4 - 2020-08-23
• 6.0.0-rc.3 - 2020-08-05
• 6.0.0-rc.2 - 2020-07-31
• 6.0.0-rc.1 - 2020-07-28
• 5.16.0 - 2020-04-20

from d3 GitHub release notes

Commit messages

Package name: d3

• 1f8dd3b 7.9.0
• a8afcf8 d3-geo 3.1.1
• b79e7da fix vitepress colors, again
• 1461bfb update actions, again
• 6d6fb02 documentation for schemeObservable10 (Drop Windows XP (and Vista) support in 6.0 nodejs/node#3804)
• a353aa5 Documentation for d3-geo#281 (EPIPE with unix sockets from v4.1.2 nodejs/node#3803)
• 9f9d468 fix: jsx compatible camelCase syntax in svg (lib: replace self/bind usage with arrow func nodejs/node#3816)
• cb875ee Remove defunct newsletter signup link from footer (build: fix --with-intl=system-icu for cross compile nodejs/node#3808)
• 33b372d Revert "Remove mastodon link, change twitter to x (node5: unable to build with '--with-intl=system-icu' nodejs/node#3801)"
• 4d3e273 Remove mastodon link, change twitter to x (node5: unable to build with '--with-intl=system-icu' nodejs/node#3801)
• 4ca32f3 Update value.md (test-debug-signal-cluster.js fails sometimes (investigate flaky test) nodejs/node#3796)
• 6e37f0a Edit sentence to fix potential typo and for consistency (Drop Usage of Object::Set() nodejs/node#3780)
• 1c3a2eb scaleTime example (src, build: Enable Intel Vtune profiling for JavaScript nodejs/node#3785)
• 3f4a2d7 always have exactly two/three elements (zlib: inconsistent call to flush callback on oversized buffers nodejs/node#3782)
• a7108de Update Slack invite links (V8 upgrade to 4.6.85.23: Can no longer create a Buffer instance with nullptr nodejs/node#3781)
• cda2c99 Fix small typo (deps: cherry-pick 68e89fb from v8's upstream nodejs/node#3779)
• 5fbac55 restructure README, redirect API (Rediscuss if error message changes are semver-major nodejs/node#3776)
• e4682f1 single module (buffer: throw if string is not a valid HEX string nodejs/node#3773)
• 356b826 remove newsletter link for now (improve discovery of CoC nodejs/node#3774)
• a1453fa Ref. https://github.com/Fix typo in README.md d3/d3-force#222
• 2e5c7ec remove unused import
• 3158ddd fix link to example (test: increase crypto strength for FIPS standard nodejs/node#3758)
• af562ed add mutation warnings (tls: Use SHA1 for sessionIdContext in FIPS mode nodejs/node#3755)
• fa4553c Fix d3-time example (Problem with npm install -g particle-cli nodejs/node#3750)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs