react-d3-speedometer

D3 update

Open luluhoc opened this issue 2 years ago • 1 comments

luluhoc avatar Sep 07 '21 21:09 luluhoc

To avoid breaking changes, the update of the d3 library will be synced with the next major version. In any case, I will see if I can release an intermediate version with d3 updated.

palerdot avatar Sep 08 '21 03:09 palerdot

Is there any ETA on this? The version of d3-color which react-d3-speedometer relies on has a ReDoS vulnerability - https://github.com/advisories/GHSA-36jr-mh4h-2g58

mwaddell avatar Jan 06 '23 16:01 mwaddell

Is this related to v1.x (React 17)? Because the upcoming v2.x (with React 18 support) (https://github.com/palerdot/react-d3-speedometer/pull/143/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519) is already using d3-color v3.1.0. This branch will soon be made stable (in favour of v1.x/React 17) as React 18 has been quite stable for some time.

I would suggest using the latest v2.x version with React 18 support in any case.

P.S. I don't have an ETA for v1.x (React 17) as it is using d3 v6 and I'm not sure what breaking changes are in the latest major version. It is one of the reasons v2.x (React 18) has all the libraries updated to their latest major version.

palerdot avatar Jan 07 '23 03:01 palerdot

Gotcha - I'll try switching to the 2.x branch with React 18. Thanks!

mwaddell avatar Jan 08 '23 03:01 mwaddell

Yep - the 2.x branch is working great and doesn't have that security issue. Thanks again!

mwaddell avatar Jan 08 '23 18:01 mwaddell

Any news on the ETA for the v2.x version? Happy to contribute if there is any TODO list.

Senderek avatar Oct 12 '23 13:10 Senderek

v2 is already published

palerdot avatar Oct 13 '23 03:10 palerdot