react-rotary-knob
d3 dependency chain vuln to ReDoS
```
npm audit report

d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
No fix available
node_modules/react-rotary-knob-skin-pack/node_modules/d3-color
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/react-rotary-knob-skin-pack/node_modules/d3-interpolate
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/react-rotary-knob-skin-pack/node_modules/d3-scale
react-rotary-knob 1.0.9 - 3.0.0
Depends on vulnerable versions of d3-scale
Depends on vulnerable versions of react-svgmt
node_modules/react-rotary-knob-skin-pack/node_modules/react-rotary-knob
react-rotary-knob-skin-pack *
Depends on vulnerable versions of react-rotary-knob
node_modules/react-rotary-knob-skin-pack
react-move <=3.1.0
Depends on vulnerable versions of d3-interpolate
node_modules/react-rotary-knob-skin-pack/node_modules/react-move
react-svgmt 1.1.3 - 2.0.0
Depends on vulnerable versions of react-move
node_modules/react-rotary-knob-skin-pack/node_modules/react-svgmt

7 high severity vulnerabilities
```
I've bumped up versions in my local project, but I'm extremely new to your library (which is great btw) and unsure if doing so breaks things.