Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

High vulnerability found in d3-color #1872

Open
TheAndre980 opened this issue Oct 18, 2022 · 0 comments
Open

High vulnerability found in d3-color #1872

TheAndre980 opened this issue Oct 18, 2022 · 0 comments

Comments

@TheAndre980
Copy link

High vulnerability found (30.09.2022) from npm audit

GHSA-36jr-mh4h-2g58

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ d3-color vulnerable to ReDoS │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ d3-color │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ dc │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ dc > d3 > d3-color │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ GHSA-36jr-mh4h-2g58
└───────────────┴──────────────────────────────────────────────────────────────┘

My guess would just be to update the d3 lib that has a d3-color fixed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TheAndre980