Update d3-scale and d3-scale-chromatic dependency with high severity vulnerability

Question

Update d3-scale and d3-scale-chromatic dependency with high severity vulnerability

fresheneesz opened this issue a year ago · comments

npm audit shows that this transitively depends on d3-color v2 which has a high CVE. Updating d3-scale to v3.1+ and d3-scale-chromatic to v3 would solve this.

react-wordcloud@1.2.7 > d3-scale@3.3.0 >  d3-interpolate@2.0.1 > d3-color@2.0.0

react-wordcloud@1.2.7 > d3-scale-chromatic@1.5.0 > d3-color@1.4.1

Billy · Answer 1 · Wed May 24 2023 06:41:27 GMT+0800 (China Standard Time)

Ah, sorry, de-interpolate needs to update first

Jigar Mehta · Answer 2 · Tue Feb 06 2024 12:38:12 GMT+0800 (China Standard Time)

d3-scale latest version 4.0.2 which has d3-interpolate@3
d3-interpolate latest version 3.0.1 which has d3-color@3

d3-scale-chromatic latest version 3.0.0 which has d3-color@3

So this vulnerability should be resolved if we update the packages.