Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix dependency vulnerability d3-color < 3.1.0 #328

Open
j3r3myp1pp3n opened this issue Nov 18, 2022 · 2 comments
Open

Fix dependency vulnerability d3-color < 3.1.0 #328

j3r3myp1pp3n opened this issue Nov 18, 2022 · 2 comments

Comments

@j3r3myp1pp3n
Copy link

Wanted to share a recently discovered vulnerability, showing as High in npm audit.

d3-color vulnerable to ReDoS
Patched in >=3.1.0
Path: react-charts > d3-scale > d3-interpolate > d3-color

image
@huyphams
Copy link

Hi @tannerlinsley it would be great if you could update it, thank you for the awesome charts.

@emattiza emattiza mentioned this issue Dec 5, 2022
Merged
@amitnyc83
Copy link

amitnyc83 commented Jan 31, 2024
edited
Loading

Hi there, I am using dx-react-charts as a dependency which has a dependency on d3-color just like the screenshot above. Do i just add d3-color v3.1.0 as a peerDependency to fix this issue. Thanks in advance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@j3r3myp1pp3n @huyphams @amitnyc83