citizenlab
citizenlab copied to clipboard
CitizenLabDotCo
Bump d3-color and recharts in /front
Bumps d3-color to 3.1.0 and updates ancestor dependency recharts. These dependencies need to be updated together.
Updates d3-color from 3.0.1 to 3.1.0
Release notes
Sourced from d3-color's releases.
v3.1.0
- Add rgb.clamp and hsl.clamp. #102
- Add color.formatHex8. #103
- Fix color.formatHsl to clamp values to the expected range. #83
- Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592
Commits
Updates recharts from 2.1.10 to 2.1.14
Changelog
Sourced from recharts's changelog.
2.1.14 (Sep 7, 2022)
fix
- Add inactiveShape prop to Pie component (#2900)
- Revert "chore: move type deps into devDependencies (#2843)" (#2942)
- Fix typing of default tooltip formatter (#2924)
- Take letter-spacing and font-size into consideration while rendering ticks (#2898)
- Add formatter function type to tooltip props (#2916)
- doc: Update CHANGELOG.md about d3 7.x (#2919)
2.1.13 (Jul 26, 2022)
fix
- set animate flag before chart data update (#2911)
- Error bar domain fix (#2863)
- fix: fix "recharts@… doesn't provide prop-types, requested by react-smooth" warning (#2895)
chore
- upgrade d3 (#2893)
2.1.12 (Jun 27, 2022)
fix
- update react-smooth version
- update d3 from 6.x to 7.x it may break some tools like jest
fix config for jest is to add the following configuration
const path = require('path'); // took from d3/package.json const d3Pkgs = [ 'd3', 'd3-array', 'd3-axis', 'd3-brush', 'd3-chord', 'd3-color', 'd3-contour', 'd3-delaunay', 'd3-dispatch', 'd3-drag', 'd3-dsv', 'd3-ease', 'd3-fetch', 'd3-force', 'd3-format', 'd3-geo', </tr></table>
... (truncated)
Commits
- See full diff in compare view
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
| Warnings | |
|---|---|
| :warning: | The branch name contains no Jira issue key (case-sensitive) |
| :warning: | The PR title contains no Jira issue key (case-sensitive) |
| :warning: | The changelog hasn't been modified |
| Messages | |
|---|---|
| :book: |
Generated by :no_entry_sign: dangerJS against 73228ca8e30c708eee844f73136bb6e73a0e9f7f
recharts 2.1.13 broke something apparently: https://github.com/recharts/recharts/issues/2991
I suggest we wait for a fix?
@luucvanderzee It seems to be linked to a security vulnerability - https://github.com/CitizenLabDotCo/citizenlab/security/dependabot/53 Could you check if it's relevant to us? If not - fine to wait, I think.