Bump vega-functions and vega

[dependabot]

Bumps vega-functions and vega. These dependencies needed to be updated together.
Updates vega-functions from 5.12.0 to 5.13.2

Release notes

Sourced from vega-functions's releases.

v5.13.0

Notable Changes

• Improved Streaming Performance.

  For performance, Vega caches a lot of internal data structures, including calculated tuples, scenegraph items, and SVG DOM nodes. Previously, nested scopes (such as those created for facetted data) that result in vega-runtime subcontexts were never cleaned. If no external View API calls are made, this is fine, and actually improves performance for interaction-driven dynamic filtering. However, when providing streaming data to Vega through the View API, uncleaned caches and subcontexts can result in substantial memory leaks that also eventually degrade performance.

  This version adds mechanisms for clearing caches and detaching subflows to support streaming data within nested specifications. When input data is removed via a View API call or via signal-valued URL, Vega will now by default trigger garbage collection to reclaim resources. This behavior can be disabled by calling clean(false) on a constructed ChangeSet passed to the View API.

• Improved Cursor Performance.

  Previously Vega updated the cursor style on the HTML document body. This persists cursor settings even during interactions (such as drags) that may leave the Vega View component. However, it also can result in large performance penalties in Chrome, which re-evaluates CSS styles in response. This version changes the default behavior to set the cursor locally on the Vega View component. If a global cursor is desired, the boolean config property events.globalCursor can be set true or the View method globalCursor can be invoked to change the setting at runtime.

• Optional Expression Interpreter.

  This release adds interpreter support for Vega expressions that is Content Security Policy (CSP) compliant. By default, the Vega parser performs code generation for parsed Vega expressions, and the Vega runtime uses the Function constructor to create JavaScript functions from the generated code. Although the Vega parser includes its own security checks, the runtime generation of functions from source code nevertheless violates security policies designed to prevent cross-site scripting.

  This release provides an interpreter plug-in (the new vega-interpreter package) that evaluates expressions by traversing an Abstract Syntax Tree (AST) for an expression and performing each operation in turn. Use of the interpreter enables compliance with CSP, but can incur a performance penalty. In tests of initial parse and dataflow evaluation times, the interpreter is on average ~10% slower. Interactive updates may incur higher penalties, as they are often more expression-heavy and amortize the one-time cost of Function constructor parsing.

Changelog

Changes from v5.12.3:

vega

• Update stream.html and stream-nested.html performance test pages.

vega-dataflow

• Add detach method to Operator to remove adjacent edges (listeners) from the dataflow graph.
• Add clean setter to ChangeSet, set to true by default if any tuples are removed.
• Add clean getter/setter to Pulse, propagate value to forked pulses if they share a data source.
• Update logging calls during Dataflow evaluation.

vega-encode

• Update DataJoin transform to clean internal map when pulse.clean() is true.
• Update Scale to include domainMid as an extrema if it exceeds the domain min or max. (#2656)

vega-functions

• Fix scale function to not special case undefined input. This ensures identical semantics with the internal _scale helper function used by code-generated encoders.

vega-geo

• Update d3-geo dependency.

vega-interpreter

... (truncated)

Commits

• See full diff in compare view

Updates vega from 5.20.2 to 5.25.0

Release notes

Sourced from vega's releases.

v5.25.0

Changes from v5.24.0:

monorepo

• Fix browser lists for IE support. (thanks @​domoritz!)
• Update dependencies.

vega-cli

• Add ppi resolution parameter for PNG output. (thanks @​davidanthoff!)
• Return error code on failure. (thanks @​davidanthoff!)

vega-expression

• Add hypot function. (thanks @​domoritz!)

vega-functions

• Update to use hypot.

vega-regression

• Allow zero-valued order for polynomial regression.

vega-statistics

• Add constant regression method.

vega-transforms

• Use robust (null proto) object for aggregate cell map. (#3695)

vega-util

• Fix consecutive escapes in splitAccessPath #3724 (thanks @​suchanlee!)

v5.24.0

Changes from v5.23.0:

monorepo

• Update dev dependencies.
• Fix duplicated code in bundle (#3684).

vega-force

• Update Force transform schema to allow expression-valued nbody force strength.

vega-schema

... (truncated)

Commits

• a9ab9a3 ci: Revert node version change.
• 7283573 ci: Test on node 16, 18, 20.
• e520a16 docs: Update docs build files.
• a27d94b chore: Bump package version numbers.
• ee59a57 chore: Bump dev dependencies.
• 99a0921 fix: Use robust (null proto) object for aggregate cell map. (#3695)
• 9529ffd feat: constant regression (#3718)
• c596205 chore: Update rimraf dev dep.
• 94ee172 fix: Rename warming stripes json spec.
• f058d4f docs: Update warming stripes example.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.