react-charts

Fix dependency vulnerability d3-color < 3.1.0

Open j3r3myp1pp3n opened this issue 3 years ago • 3 comments

Wanted to share a recently discovered vulnerability, showing as High in npm audit.

d3-color vulnerable to ReDoS

Patched in >=3.1.0

Path: react-charts > d3-scale > d3-interpolate > d3-color

image

j3r3myp1pp3n, Nov 18 '22 20:11

Hi @tannerlinsley, it would be great if you could update it. Thank you for the awesome charts.

huyphams, Nov 23 '22 05:11

Hi there, I am using dx-react-charts as a dependency, which has a dependency on d3-color just like the screenshot above. Do I just add d3-color v3.1.0 as a peerDependency to fix this issue? Thanks in advance!

amitnyc83, Jan 31 '24 03:01
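
A check for the dependency path reported in this issue, added here as an example and not code from react-charts or from anyone in the thread: it walks the `packages` map of an npm lockfile (v2/v3 layout), flags every installed `d3-color` below 3.1.0, and names the package that resolves to each copy. `sampleLock` and its versions are constructed; it models a tree where a patched top-level copy sits beside an older copy nested under `d3-interpolate`.

```javascript
// Added example; sampleLock is constructed and its versions are illustrative.
const PATCHED = [3, 1, 0]; // "Patched in >=3.1.0" per the audit output above

// True when an x.y.z version sorts below the floor (prerelease tags ignored).
function isBelow(version, floor) {
  const v = version.split(/[-+]/)[0].split('.').map((n) => parseInt(n, 10) || 0);
  for (let i = 0; i < 3; i++) {
    if ((v[i] || 0) !== floor[i]) return (v[i] || 0) < floor[i];
  }
  return false;
}

// Resolve `name` the way Node does from the package installed at `fromPath`:
// try fromPath/node_modules/name, then each enclosing node_modules up to the root.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// One finding per vulnerable install, listing the packages that resolve to it.
function findVulnerable(lock, name = 'd3-color', floor = PATCHED) {
  const packages = lock.packages || {};
  const findings = new Map();
  for (const [path, meta] of Object.entries(packages)) {
    const isTarget = path.endsWith('node_modules/' + name);
    if (isTarget && meta.version && isBelow(meta.version, floor)) {
      findings.set(path, { path, version: meta.version, requiredBy: [] });
    }
  }
  for (const [path, meta] of Object.entries(packages)) {
    const range = (meta.dependencies || {})[name];
    const hit = range && findings.get(resolve(packages, path, name));
    if (hit) hit.requiredBy.push(`${path || '(root)'} wants ${range}`);
  }
  return [...findings.values()];
}

const sampleLock = { packages: {
  '': { dependencies: { 'react-charts': '*', 'd3-color': '^3.1.0' } },
  'node_modules/d3-color': { version: '3.1.0' },
  'node_modules/react-charts': { version: '0.0.0', dependencies: { 'd3-scale': '*' } },
  'node_modules/d3-scale': { version: '0.0.0', dependencies: { 'd3-interpolate': '*' } },
  'node_modules/d3-interpolate': { version: '0.0.0', dependencies: { 'd3-color': '1 - 2' } },
  'node_modules/d3-interpolate/node_modules/d3-color': { version: '2.0.0' },
} };
console.log(JSON.stringify(findVulnerable(sampleLock), null, 2));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findVulnerable` in place of `sampleLock`.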