This repository has been archived by the owner on Jul 23, 2023. It is now read-only.

[Snyk] Upgrade color from 0.11.4 to 4.2.3 #1

Open, wants to merge 1 commit into base: master

@snyk-bot commented Aug 4, 2022

Snyk has created this PR to upgrade color from 0.11.4 to 4.2.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 22 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2022-04-05.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-COLORSTRING-1082939 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: color
  • 4.2.3 - 2022-04-05

    Patch Release 4.2.3

    • 957531f mention .hex() is lossy (#244)
    • d00bd1a Correct the limits on XYZ model
    • 4ac1315 mark the package as side-effects free (#189)
    • f34a0ba use correct WCAG luminance constant (fixes #248)
    • 9dcc3b7 update YIQ formula constants (fixes #107, ref chartjs#2)
    • 5696221 remove numeric separators
      • Not sure why I had such a strong stance on this. I see now how annoying and terrible they are. Apologies to everyone who was affected, this was a bad decision on my part.
    • b26040e remove bitchy issue template

    Thanks to @ csandman, @ zdenekkostal, @ technobuddha, and @ maranomynet for their contributions!

  • 4.2.2 - 2022-04-05

    Patch Release 4.2.2

    • 406d384 contast ratio level AAA is above 7:1
    • c7b8e75 fix linting issues
    • 5df6f50 don't compute valpha based on faulty argument counts (fixes #250)

    Thanks to @ shfshanyue for their contribution!

  • 4.2.1 - 2022-02-11

    Patch Release 4.2.1

    NOTE: This is a metadata patch that changes no functionality of the library itself.

    • Restrict node version to ">=12.5.0" #236

    Thank you @ wtho for their contribution!

  • 4.2.0 - 2022-01-11

    Minor Release 4.2.0

    • Add .hexa() method (#237)

    Thanks to @ n0ruSh for their contribution!

  • 4.1.0 - 2021-12-03

    Minor Release 4.1.0

    • Update color-string to 1.9.0
  • 4.0.2 - 2021-11-26

    Patch Release 4.0.2

    • Bump color-string to ~1.7.4
  • 4.0.1 - 2021-08-04

    Patch Release 4.0.1

    • Remove no-op in integer constructor (#208)
    • Fixed var to const in readme
  • 4.0.0 - 2021-07-17

    Major Release 4.0.0

    NOTE: "Major" here used loosely. This release is an interim major release that introduces ES6 syntax into the package without changing the import method (require()). There will be a follow-up major release that switches entirely to ESM and will set the appropriate engine key in package.json. This was just a necessary first step to allow those who don't (yet) use ESModules a sane place to upgrade and pin to.

    • Move ES6 syntax (i.e. const/let, still using require)
  • 3.2.1 - 2021-07-18

    Patch Release 3.2.1

    • Revert color-convert back down to <2 since v2 introduced ES6 syntax.

    If you need color-convert@>=2 then you'll need to have ES6 support. It's 2021, embrace it. 🙂

  • 3.2.0 - 2021-07-17

    Minor Release 3.2.0

    NOTE: This is the final release of color that uses ES5 syntax. For those following along, 4.0.0 was just released that switches to ES6 (const/let) syntax, which will (at some point) be followed by another major release that further switches to ES Modules entirely. This will be a sweeping change across the color package suite (color, color-string, color-convert). Keep a look out if these issues have been bothering you.

    • Bumps color convert to latest (fixes some issues with HCG)
    • Bumps mocha to latest
  • 3.1.4 - 2021-07-17
  • 3.1.3 - 2020-10-09
  • 3.1.2 - 2019-06-03
  • 3.1.1 - 2019-04-23
  • 3.1.0 - 2018-10-09
  • 3.0.0 - 2018-01-25
  • 2.0.1 - 2017-11-09
  • 2.0.0 - 2017-06-29
  • 1.0.3 - 2016-12-15
  • 1.0.2 - 2016-12-06
  • 1.0.1 - 2016-12-03
  • 1.0.0 - 2016-12-03
  • 0.11.4 - 2016-11-01
from color GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
