Vulnerable version of d3-color used as a dependency

Question

Vulnerable version of d3-color used as a dependency

CyberLuxNova opened this issue a year ago · comments

This PR did not resolve the vulnerability issue of d3-color #477
The project still uses a vulnerable package as one of its dependency, can some please check and update ?

https://deps.dev/npm/%40swimlane%2Fngx-graph/8.0.3 shows the vulnerability

TechNova · Answer 1 · Tue May 23 2023 16:17:26 GMT+0800 (China Standard Time)

@marjan-georgiev @assafsun

CharlyHC · Answer 2 · Tue May 23 2023 19:22:32 GMT+0800 (China Standard Time)

A fix for this would really help us.