NPM Audit Issues

Question

NPM Audit Issues

rhalaly opened this issue 2 years ago · comments

There are npm audit issues in this package related to d3-color:

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

Billy · Answer 1 · Thu May 25 2023 00:09:28 GMT+0800 (China Standard Time)

To solve this issue, three dependencies need to be updated:

d3-scale needs to be updated to v4+,
d3-scale-chromatic and d3-transition need to be updated to v3+.

Andrew Schonfeld · Answer 2 · Wed Jul 12 2023 23:18:01 GMT+0800 (China Standard Time)

It doesn't appear that this package is maintained anymore. It's a great package. I'm not sure whether I want to fork it with @fresheneesz updates or if anyone knows of a good alternative package?