Update dependency d3-color to v3 [SECURITY] #149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

renovate wants to merge 1 commit into master from renovate/npm-d3-color-vulnerability

renovate bot commented Nov 20, 2022 •

edited

Loading

This PR contains the following updates:

Package	Change	Age	Confidence
d3-color (source)	`^1.2.0` -> `^3.0.0`

GitHub Vulnerability Alerts

GHSA-36jr-mh4h-2g58

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

Release Notes

d3/d3-color (d3-color)

`v3.1.0`

Add rgb.clamp and hsl.clamp. #102
Add color.formatHex8. #103
Fix color.formatHsl to clamp values to the expected range. #83
Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

`v3.0.1`

Make build reproducible.

`v3.0.0`

Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

`v2.0.0`

This release adopts ES2015 language features such as for-of and drops support for older browsers, including IE. If you need to support pre-ES2015 environments, you should stick with d3-color 1.x or use a transpiler.

`v1.4.1`

Fix parsing of 4- and 8-digit hexadecimal transparent colors. #52

`v1.4.0`

Add support for parsing 4- and 8-digit hexadecimal colors. #60 Thanks, @zerovox!
Add sideEffects: false to the package.json.

`v1.3.0`

Add color.copy.
Add color.formatHex.
Add color.formatHsl.
Add color.formatRgb.
Deprecate color.hex; use color.formatHex instead.

`v1.2.8`

Revert chroma clamping in hcl.toString. (#33)

`v1.2.7`

Account for rounding when determining whether a color is displayable.

`v1.2.6`

Implement chroma clamping in hcl.toString. (#33)
Fix achromatic representation of white in HCL colorspace (again).

`v1.2.5`

Fix achromatic representation of white in HCL colorspace.

`v1.2.4`

Fix achromatic representation of black and white in HCL colorspace.

`v1.2.3`

Housekeeping.

`v1.2.2`

Update dependencies, again.

`v1.2.1`

Update dependencies.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot changed the title ~~Update dependency d3-color to 3.1.0 [SECURITY]~~ Update dependency d3-color to v3 [SECURITY]

renovate bot force-pushed the renovate/npm-d3-color-vulnerability branch from 5fd957b to a61fd2a Compare

August 10, 2025 13:50

renovate bot force-pushed the renovate/npm-d3-color-vulnerability branch from a61fd2a to 1794b67 Compare

November 10, 2025 20:54


          Update dependency d3-color to v3 [SECURITY]

7376bc3

renovate bot force-pushed the renovate/npm-d3-color-vulnerability branch from 1794b67 to 7376bc3 Compare

November 18, 2025 22:52

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet