d3-geomap

Update dependencies to resolve vulnerabilities in d3-color

Open boidolr opened this issue 1 year ago • 4 comments

Right now a vulnerable package (d3-color@1) is pulled in via a transitive dependency. Is there any chance of getting an updated package with recent dependencies?

I'd like to help out, but can not run the tests, as there seem to be some files missing.

boidolr avatar Feb 18 '24 19:02 boidolr

Sadly, the dependencies cannot be easily upgraded. There are deprecated dependencies and API changes in newer versions of D3. I just spent quite some time trying to get this to run with newer versions and cannot even build the package any more. Could you build it?

yaph avatar Feb 19 '24 11:02 yaph

I have a project with this dependency (and not much else) where I had success with using the following in package.json:

```json
{
  "overrides": {
    "d3-array": "3",
    "d3-color": "3",
    "d3-fetch": "3",
    "d3-format": "3",
    "d3-geo": "3",
    "d3-selection": "3",
    "d3-transition": "3"
  }
}
```

Though I am also not doing more than showing a map, so there might be things not working.

```json
{
  "dependencies": {
    "d3": "^7.8.5",
    "d3-geomap": "^3.3.0",
    "d3-geo-projection": "^4.0.0",
    "world-atlas": "^2.0.2"
  },
  "devDependencies": {
    "@babel/core": "^7.23.9",
    "@babel/preset-env": "^7.23.9",
    "@rollup/plugin-babel": "^6.0.4",
    "@rollup/plugin-node-resolve": "^15.2.3",
    "@rollup/plugin-terser": "^0.4.4",
    "node-sass": "^9.0.0",
    "rollup": "^4.12.0",
    "rollup-plugin-copy": "^3.5.0",
    "rollup-plugin-postcss": "^4.0.2",
    "rollup-plugin-serve": "^3.0.0"
  },
  "overrides": {
    "d3-array": "3",
    "d3-color": "3",
    "d3-fetch": "3",
    "d3-format": "3",
    "d3-geo": "3",
    "d3-selection": "3",
    "d3-transition": "3"
  }
}
```

boidolr avatar Feb 19 '24 17:02 boidolr

I upgraded the dependencies, but the code that is built after the upgrade doesn't work any more. I don't see a new release coming any time soon and you're probably better off replacing d3.geomap with a different mapping library.

yaph avatar Feb 22 '24 22:02 yaph

Ok, understood. Thanks for having a look and trying it out.

boidolr avatar Feb 24 '24 12:02 boidolr