Snyk checks request a fixed version of d3-color
distroysf opened this issue
Roy Distler commented
I'm using d3-scale version 4.0.2, which uses the following dependencies: d3-scale@4.0.2 › d3-interpolate@3.0.1 › d3-color@2.0.0.
This causes the Snyk PR Check in my repo to fail due to the d3-color Regular Expression Denial of Service (ReDoS), which is fixed in d3-color@3.0.1.
What's the road map for upgrading d3-scale with the required d3-color version?
Philippe Rivière commented
d3-interpolate requires "d3-color": "1 - 3"; you just need to upgrade.
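
The point made in the reply above, as an added example (not code from this thread or from the d3 project): a lockfile audit that finds the stale d3-color pin and checks whether the declared hyphen range already admits the fixed release. The lockfile fragment is constructed, and the range helper handles only hyphen ranges without prerelease tags.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 2/3 "packages" layout).
const lock = { packages: {
  "node_modules/d3-interpolate": { version: "3.0.1", dependencies: { "d3-color": "1 - 3" } },
  "node_modules/d3-color": { version: "2.0.0" },
} };

// "3" -> [3], "3.0.1" -> [3, 0, 1]
const parsePartial = (v) => v.trim().split(".").map(Number);

// Compare two full [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Hyphen range "A - B" in node-semver terms: missing parts of A become 0,
// a partial B admits everything beneath it ("1 - 3" means >=1.0.0 <4.0.0).
function hyphenRange(range) {
  if (!range.includes(" - ")) throw new Error("only hyphen ranges are handled");
  const [lo, hi] = range.split(" - ").map(parsePartial);
  const min = [lo[0], lo[1] ?? 0, lo[2] ?? 0];
  if (hi.length === 3) return { min, max: hi, inclusive: true };
  const max = hi.length === 2 ? [hi[0], hi[1] + 1, 0] : [hi[0] + 1, 0, 0];
  return { min, max, inclusive: false };
}

function satisfies(version, range) {
  const v = parsePartial(version);
  const { min, max, inclusive } = hyphenRange(range);
  const top = compare(v, max);
  return compare(v, min) >= 0 && (inclusive ? top <= 0 : top < 0);
}

// For each locked copy of `name` older than `fixed`, report whether every
// dependent's declared range already admits the fixed version.
function audit(lockfile, name, fixed) {
  const pkgs = Object.entries(lockfile.packages);
  const ranges = pkgs.map(([, p]) => p.dependencies?.[name]).filter(Boolean);
  return pkgs
    .filter(([path]) => path.endsWith("node_modules/" + name))
    .filter(([, p]) => compare(parsePartial(p.version), parsePartial(fixed)) < 0)
    .map(([path, p]) => ({ path, locked: p.version,
      lockfileUpdateSuffices: ranges.every((r) => satisfies(fixed, r)) }));
}

console.log(audit(lock, "d3-color", "3.0.1"));
```

When `lockfileUpdateSuffices` is true, no upstream release is needed: refreshing the locked version (for example with `npm update d3-color`) resolves the finding.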