Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump vega-functions from 5.4.1 to 5.13.1 in /web #505

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 2, 2023

Bumps vega-functions from 5.4.1 to 5.13.1.

Release notes

Sourced from vega-functions's releases.

v5.13.0

Notable Changes

  • Improved Streaming Performance.

    For performance, Vega caches a lot of internal data structures, including calculated tuples, scenegraph items, and SVG DOM nodes. Previously, nested scopes (such as those created for facetted data) that result in vega-runtime subcontexts were never cleaned. If no external View API calls are made, this is fine, and actually improves performance for interaction-driven dynamic filtering. However, when providing streaming data to Vega through the View API, uncleaned caches and subcontexts can result in substantial memory leaks that also eventually degrade performance.

    This version adds mechanisms for clearing caches and detaching subflows to support streaming data within nested specifications. When input data is removed via a View API call or via signal-valued URL, Vega will now by default trigger garbage collection to reclaim resources. This behavior can be disabled by calling clean(false) on a constructed ChangeSet passed to the View API.

  • Improved Cursor Performance.

    Previously Vega updated the cursor style on the HTML document body. This persists cursor settings even during interactions (such as drags) that may leave the Vega View component. However, it also can result in large performance penalties in Chrome, which re-evaluates CSS styles in response. This version changes the default behavior to set the cursor locally on the Vega View component. If a global cursor is desired, the boolean config property events.globalCursor can be set true or the View method globalCursor can be invoked to change the setting at runtime.

  • Optional Expression Interpreter.

    This release adds interpreter support for Vega expressions that is Content Security Policy (CSP) compliant. By default, the Vega parser performs code generation for parsed Vega expressions, and the Vega runtime uses the Function constructor to create JavaScript functions from the generated code. Although the Vega parser includes its own security checks, the runtime generation of functions from source code nevertheless violates security policies designed to prevent cross-site scripting.

    This release provides an interpreter plug-in (the new vega-interpreter package) that evaluates expressions by traversing an Abstract Syntax Tree (AST) for an expression and performing each operation in turn. Use of the interpreter enables compliance with CSP, but can incur a performance penalty. In tests of initial parse and dataflow evaluation times, the interpreter is on average ~10% slower. Interactive updates may incur higher penalties, as they are often more expression-heavy and amortize the one-time cost of Function constructor parsing.

Changelog

Changes from v5.12.3:

vega

  • Update stream.html and stream-nested.html performance test pages.

vega-dataflow

  • Add detach method to Operator to remove adjacent edges (listeners) from the dataflow graph.
  • Add clean setter to ChangeSet, set to true by default if any tuples are removed.
  • Add clean getter/setter to Pulse, propagate value to forked pulses if they share a data source.
  • Update logging calls during Dataflow evaluation.

vega-encode

  • Update DataJoin transform to clean internal map when pulse.clean() is true.
  • Update Scale to include domainMid as an extrema if it exceeds the domain min or max. (#2656)

vega-functions

  • Fix scale function to not special case undefined input. This ensures identical semantics with the internal _scale helper function used by code-generated encoders.

vega-geo

  • Update d3-geo dependency.

vega-interpreter

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [vega-functions](https://github.com/vega/vega) from 5.4.1 to 5.13.1.
- [Release notes](https://github.com/vega/vega/releases)
- [Commits](https://github.com/vega/vega/commits)

---
updated-dependencies:
- dependency-name: vega-functions
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants