[Snyk] Fix for 3 vulnerabilities

[JBWatenbergScality]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	454/1000 Why? Has a fix available, CVSS 4.8	Undesired Behavior SNYK-JS-STYLEDCOMPONENTS-3149924	No	No Known Exploit
	663/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-VEGA-3338521	No	Proof of Concept
	663/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-VEGA-3338522	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: vega

The new version differs by 47 commits.

• fb1092f docs: Update docs build files.
• 9ef5726 chore: Update LICENSE years.
• 3d4e672 chore: Update vega-util tsconfig.
• 1365926 chore: Bump version numbers.
• c793495 chore: Update dependencies, rollup config files.
• 6881e39 ci: Update CI node versions.
• 510b5bd test: Update tests for new d3-geo output.
• 67dc297 feat: Include projections as registered scales.
• ab371a0 feat(vega-functions): check if scale from context was registered in vega-scale before returning it
• 75620ed feat(vega-scale): add function for testing if a given scale config object was officially registered
• c450854 fix: replace object with map to protect agains accessing a constructor scale
• f3370db docs(vega-functions): add JSdocstring for the public scale function to vega scale
• 01adb03 fix: lassoAppend XSS w/typecheck + array spread instead of push
• 8d4865d Interpreter: Prevent evaluation of unsafe methods
• 2e86b87 fix autosize="fit-x/y" when legend is larger than plot
• 542e787 Wrap querySelectorAll in Array.from
• 09d40d9 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2
• 883e597 chore(deps-dev): bump tape from 5.5.2 to 5.6.3
• e34b13f chore(deps-dev): bump @ babel/core from 7.17.8 to 7.21.0
• 66066b7 Update scene.d.ts
• 5611a30 Add `view` style for Vega-Lite
• ff1925e chore(deps): bump d3-hierarchy from 3.1.1 to 3.1.2
• cd4548c chore(deps): bump d3-color from 3.0.1 to 3.1.0
• 5a59f64 fix: remove `__count__` from the runtime `AggregateOps` type

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Cross-site Scripting (XSS)