react-vis

Vulnerability with d3-color

Open AndrewJohnBenjamin opened this issue 4 years ago • 1 comments

A new vulnerability has been detected with the d3-color package that makes it vulnerable to ReDoS attacks. Upgrading to version 3 of d3-color solves this issue.

The following libraries also make use of d3-color and would need to be upgraded to ^3.0.0 in order to remove this vulnerability:

  • d3-interpolate

Is this something you are aware of and willing to fix?

Thanks

  • Andy

AndrewJohnBenjamin, Jul 06 '21 12:07

I have the same problem here...

gustavos-br, Jan 20 '22 22:01
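A way to check a project for the condition reported in this issue, added here as an example and not part of the thread or of react-vis: it walks an npm lockfile's `packages` map (lockfileVersion 2/3 layout), lists every installed d3-color copy below major version 3, and lists the packages that request d3-color, which shows when a dependency such as d3-interpolate still pulls in a nested old copy. The function names, the `example-app` root and the sample lockfile contents are constructed for illustration.

```javascript
// Added example: audit an npm lockfile for d3-color copies below 3.0.0.
const FIXED_MAJOR = 3; // per the issue: version 3 of d3-color resolves the ReDoS

// Major version number of a semver string, or NaN if it cannot be read.
function majorOf(version) {
  const m = /^(\d+)\./.exec(version || "");
  return m ? Number(m[1]) : NaN;
}

// lock: parsed package-lock.json (assumed to use the "packages" map).
function auditD3Color(lock) {
  const vulnerable = []; // installed d3-color copies below the fixed major
  const requesters = []; // packages declaring a d3-color dependency range
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // The installed package name is the last node_modules/ path segment.
    const name = path.split("node_modules/").pop();
    // An unreadable version is treated as vulnerable rather than skipped.
    if (name === "d3-color" && !(majorOf(meta.version) >= FIXED_MAJOR)) {
      vulnerable.push({ path, version: meta.version });
    }
    const range = (meta.dependencies || {})["d3-color"];
    if (range !== undefined) {
      requesters.push({ package: name || "(root)", range });
    }
  }
  return { vulnerable, requesters };
}

// Constructed sample: the root already asks for d3-color ^3.0.0, but
// d3-interpolate pins an older range and carries its own nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "0.0.0",
          dependencies: { "d3-color": "^3.0.0", "d3-interpolate": "^1.4.0" } },
    "node_modules/d3-color": { version: "3.0.1" },
    "node_modules/d3-interpolate": { version: "1.4.0",
                                     dependencies: { "d3-color": "1" } },
    "node_modules/d3-interpolate/node_modules/d3-color": { version: "1.4.1" },
  },
};

console.log(JSON.stringify(auditD3Color(sampleLock), null, 2));
```

In the sample, upgrading only the top-level d3-color leaves the nested copy in place until d3-interpolate itself is upgraded.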