
hill-chart depends on insecure upstream packages

Open savar opened this issue 1 year ago • 4 comments

hill-chart depends on an older version of d3-color, which can only be fixed by switching to a newer version.

Is there any plan to upgrade the hill-chart package to update all the dependencies to their latest versions (or at least the ones having critical security issues like d3-color)?

savar avatar Apr 19 '24 09:04 savar

Please feel free to submit a PR and make the tests pass, and I will merge it instantly.

On Fri, Apr 19, 2024 at 11:36 AM Simon Effenberg @.***> wrote:

hill-chart depends on an older version of d3-color which can only be fixed by switching to a newer version

is there any plan to upgrade the hill-chart package to update all the dependencies to their latest versions (or at least the ones having critical security issues like d3-color https://github.com/advisories/GHSA-36jr-mh4h-2g58)?


nagi1 avatar Apr 19 '24 10:04 nagi1

I tried that, but see my comments there.

savar avatar Apr 20 '24 21:04 savar

@nagi1 do you have time to check the PR?

savar avatar May 24 '24 09:05 savar

I wanted to follow up on this PR as it's been a few months since the last update. Is there anything I can assist with to help move things forward?

scurth avatar Aug 07 '24 16:08 scurth