Security vulnerability coming from d3-color versions before v3.1.0.
code21112 opened this issue · comments
Hi,
We're using the radar in a project and we're facing a security vulnerability from d3-color, which is a dependency of d3-tip package.
It seems that upgrading that package to its version 3.1.0 fixes this issue:
https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592
Yet, your code uses previous versions of d3-color (cf. as below for instance):
https://github.com/thoughtworks/build-your-own-radar/blob/master/package-lock.json#L4812
Are you planning to fix that vulnerability?
Thanks.
Hi @code21112 , we have updated the packages to the fix the vulnerability issue now. The changes are in the master branch.
Thanks!