You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
d3 dependency tree depends on version 3.0.1 of d3-color which is vulnerable to a Regular expression Denial of Service.
This issue has been patched in version 3.1.0. See GHSA-36jr-mh4h-2g58 for details.
Kindly update the d3 dependency chain from 3.0.1 to 3.1.0.
We would also like to get this updated for version 2.x of library modules as version 3.x switches to using ESM only for d3 which is not supported by our project.
The text was updated successfully, but these errors were encountered:
If you’re referring to the yarn.lock, that only applies if you clone this repository and run yarn install, i.e., when you’re developing changes to d3-scale locally. It doesn’t affect downstream packages.
We would like to get the fix d3/d3-color#100 updated for version 2.x of library modules as version 3.x switches to using ESM only for d3 which is not supported by our project.
d3 dependency tree depends on version 3.0.1 of d3-color which is vulnerable to a Regular expression Denial of Service.
This issue has been patched in version 3.1.0. See GHSA-36jr-mh4h-2g58 for details.
Kindly update the d3 dependency chain from 3.0.1 to 3.1.0.
We would also like to get this updated for version 2.x of library modules as version 3.x switches to using ESM only for d3 which is not supported by our project.
The text was updated successfully, but these errors were encountered: