Description

This is a copy of #3120 - creating another PR for the sake of cleaner commit history

• removed demo and src from files array - they add bloat to the build
• fix failing unit test with d3 upgrade - domains with strings need to be called with a string value

D3 moved to vending ESM only. Our consumers use jest, next, etc. which requires cjs - if we patch d3 security vulnerability in a patch fix we break our consumers. In order for v2.x.x to be secure we need a cjs version of patched d3.

victory-vendor does this for us as per blog post https://formidable.com/blog/2022/victory-esm/

change d3 references to victory-vendor, remove direct d3 dependencies

Related Issue

#3012 #3009, more

Motivation and Context

Fix dependency vulnerability that will not go away in 2.x.x due to d3 not wanting to upgrade

How Has This Been Tested?

See comment here #3012 (comment)

Created two duplicate branches. One I upgraded the dependencies directly, this one I replaced with victory-vendor. Due to adding jest tests to our test suite we now have a failing build when directly upgrading the deps.

deployed in recharts 2.3.0-alpha.1

Many references are also in our demo project - these continue to work as well. Tested manually.
npm run test
npm run build
npm run demo

Screenshots (if appropriate): N/A

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have added tests to cover my changes.
• All new and existing tests passed.