react-d3-speedometer
D3 update
To avoid breaking changes, the update of the d3 library will be synced with the next major version. In any case, I will see if I can release an intermediate version with d3 updated.
Is there any ETA on this? The version of d3-color which react-d3-speedometer relies on has a ReDoS vulnerability - https://github.com/advisories/GHSA-36jr-mh4h-2g58
Is this related to v1.x (React 17)? Because the upcoming v2.x (with React 18 support) (https://github.com/palerdot/react-d3-speedometer/pull/143/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519) is already using d3-color v3.1.0. This branch will soon be made stable (in favour of v1.x/React 17) as React 18 has been quite stable for some time.
I would suggest using the latest v2.x version with React 18 support in any case.
P.S. I don't have an ETA for v1.x (React 17) as it is using d3 v6 and I'm not sure what breaking changes are in the latest major version. It is one of the reasons v2.x (React 18) has all the libraries updated to their latest major version.
Gotcha - I'll try switching to the 2.x branch with React 18. Thanks!
Yep - the 2.x branch is working great and doesn't have that security issue. Thanks again!
Any news on the ETA for the v2.x version? Happy to contribute if there is any TODO list.
v2 is already published