
Snyk reports ReDoS via D3

Open internalsystemerror opened this issue 3 years ago • 4 comments

Describe the bug: Snyk is reporting this package to contain a ReDoS vulnerability via the D3 package.

To Reproduce: https://app.snyk.io/test/npm/@swimlane/ngx-charts/18.0.1?tab=issues

Expected behavior: No vulnerabilities.

ngx-charts version: Only tested 18.0.1.

Additional context: This appears to be fixed in the latest D3 packages.

internalsystemerror, Jul 08 '21 10:07

Still happening for 19.1.0

To reproduce: https://app.snyk.io/test/npm/@swimlane/ngx-charts/19.1.0?tab=issues

franbueno, Oct 27 '21 11:10

Same problem with v19.1.0, error: Regular Expression Denial of Service (ReDoS) in [email protected] introduced by @swimlane/[email protected] > [email protected] and 7 other path(s)

AnwarHemdene, Nov 04 '21 14:11

@internalsystemerror @franbueno @AnwarHemdene Any updates on this issue?

SimonasMuleviciusIBM, Aug 05 '22 11:08

@SimonasMuleviciusIBM the solution for me was to update snyk severity level to high

AnwarHemdene, Aug 05 '22 13:08

> @SimonasMuleviciusIBM the solution for me was to update snyk severity level to high

Thank you, but I didn't understand what you meant. Is there a way to include the latest ngx-charts without vulnerability to this error?

dqjauthentrics, Nov 07 '22 16:11