topola icon indicating copy to clipboard operation
topola copied to clipboard

Published 20 hours ago verified publisher icon PeWu

topola uses outdated d3 libraries with know vulnerabilities

Open Bertg opened this issue 7 months ago • 0 comments

From dependabot

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

If possible, can the project be bumped to use the latest d3 versions?

Bertg avatar Jul 16 '24 20:07 Bertg