react-wordcloud icon indicating copy to clipboard operation
react-wordcloud copied to clipboard

Published 20 hours ago verified publisher icon chrisrzhou

Update d3 dependencies to version 3

Open ahmohamed opened this issue 4 years ago • 3 comments

This PR updates outdated dependencies d3-array, d3-selection and d3-transition as well as other D3-* packages to version 3. The only incompatibility was the removal of d3 event. Relevant code was updated to use the new syntax. Fixes #85

ahmohamed avatar Sep 27 '21 01:09 ahmohamed

Hi,

All d3-color < 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds for previous versions.

Can you use this PR to push a new version of react-wordcloud?

If not I will stop using react-worldcloud as it becomes vulnerable....

Thanks for your help

Felix83000 avatar Dec 29 '22 17:12 Felix83000

Capture d’écran 2022-12-29 à 19 10 11

Felix83000 avatar Dec 29 '22 18:12 Felix83000

I'm not a maintainer of this package and don't have write access to this repo. The maintainer @chrisrzhou hasn't been responsive either. Personally I've been using my own fork directly. If @chrisrzhou wants to archive this repo, I'm happy to create another npm package with these updates (say react-wordcloud2).

ahmohamed avatar Dec 30 '22 01:12 ahmohamed