Vulnerability in D3 library
ibustosca opened this issue · comments
Hi,
Currently, there is a vulnerability associated with D3 library:
This vulnerability is resolved in the 3.1.0 version. However, vue-speedometer still continues working with the 1.x.x version.
The following message appears in my console:
vue-speedometer *
Depends on vulnerable versions of d3
node_modules/vue-speedometer
Do you have any solution for this?
Thank you so much!
Following up on this. Would you please be able to upgrade this repository to use D3 version 3.1.0? This is a major issue for me and may force me to abandon this component in my project. Any response would be appreciated. Thanks!
PRs welcome. Unfortunately, currently I don't have time to reliably look into this issue with a fixed deadline. Maybe bump up the version here - https://github.com/palerdot/vue-speedometer/blob/master/package.json#L52, and see if it solves your problem and make a PR to this repo. Mostly I will be able to merge it if there are no other breaking changes with current d3 major version.