d3-color dependency update due to ReDoS

Question

d3-color dependency update due to ReDoS

imkarakayaavl opened this issue 2 years ago · comments

d3-interpolate uses d3-color as a dependency, which has a vulnerability "Regular Expression Denial of Service"(ReDoS) till version d3-color@3.1.0. Is it possible to upgrade it to d3-color to 3.1.0 ?

Philippe Rivière · Answer 1 · Mon Dec 19 2022 18:07:43 GMT+0800 (China Standard Time)

duplicate of #106