This is an automated email from the ASF dual-hosted git repository. rusackas pushed a commit to branch chore/bump-d3-color-docs in repository https://gitbox.apache.org/repos/asf/superset.git
commit 53f5668602df4d5d2272967b583babc8c47a6e3f Author: Claude Code <[email protected]> AuthorDate: Fri May 29 21:55:53 2026 -0700 chore(deps): force d3-color 3.1.0 in docs Picks up an upstream fix flagged by Dependabot for d3-color, a transitive dependency. The vulnerable copy (2.0.0) was pulled in by an older `[email protected] - 2` requesting the `1 - 2` range, alongside the already-patched 3.1.0 used by the rest of the d3 stack. A yarn `resolutions` override forces every d3-color request to 3.1.0, unifying the two copies. d3-color 3.0.0's only breaking change was adopting `type: module` (Node 12+); there are no API changes from the 2.x line, and the docs build runs Node 20 through webpack. Validated with a full `yarn build` of the docs site and `yarn install --immutable`. Co-Authored-By: Claude Opus 4.8 <[email protected]> --- docs/package.json | 3 ++- docs/yarn.lock | 9 ++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/docs/package.json b/docs/package.json index d1348d7c558..c5161b0cc15 100644 --- a/docs/package.json +++ b/docs/package.json @@ -131,7 +131,8 @@ "swagger-client": "3.37.3", "lodash": "4.18.1", "lodash-es": "4.18.1", - "yaml": "1.10.3" + "yaml": "1.10.3", + "d3-color": "3.1.0" }, "packageManager": "[email protected]+sha1.ac34549e6aa8e7ead463a7407e1c7390f61a6610" } diff --git a/docs/yarn.lock b/docs/yarn.lock index 229f70fcea1..6174076b895 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -6538,14 +6538,9 @@ d3-chord@3: dependencies: d3-path "1 - 3" -"d3-color@1 - 2": - version "2.0.0" - resolved "https://registry.npmjs.org/d3-color/-/d3-color-2.0.0.tgz"; - integrity sha512-SPXi0TSKPD4g9tw0NMZFnR95XVgUZiBH+uUTqQuDu1OsE2zomHU7ho0FISciaPvosimixwHFl3WHLGabv6dDgQ== - -"d3-color@1 - 3", d3-color@3: +"d3-color@1 - 2", "d3-color@1 - 3", d3-color@3, [email protected]: version "3.1.0" - resolved "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz"; + resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-3.1.0.tgz#395b2833dfac71507f12ac2f7af23bf819de24e2"; integrity sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA== d3-contour@4:
