google/pprof

upgrade d3-flamegraph to fix security vuln

fsperling opened this issue · 3 comments

What version of pprof are you using?

the latest from main

What is the issue?

The d3flamegraph version used by pprof is using a vulnerable version of d3-color.
d3-color should be upgraded to 3.1.0.

https://github.com/google/pprof/blob/main/third_party/d3flamegraph/package-lock.json#L325

The vulnerability report could be more detailed:
https://git.soma.salesforce.com/pages/Infrastructure-Security/ast.github.io/sonatype-2021-0795.html
The Snyk report says that it's fixed in 3.1.0.

FYI - we plan to get rid of the d3 dependency altogether, see #777.

As a note, it is discouraged overall to expose the pprof web interface beyond a trusted network domain such as the local machine.

And as a reminder, pprof is not an official Google product, see the main page.

#777 removed the d3 dependency, so this is no longer relevant.