Update d3 dependencies to version 3#87
Conversation
|
Hi, All d3-color < 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds for previous versions. Can you use this PR to push a new version of react-wordcloud? If not I will stop using react-worldcloud as it becomes vulnerable.... Thanks for your help |
Felix83000
left a comment
Felix83000
left a comment
There was a problem hiding this comment.
To fix d3-color vulnerabilitie, please use last version of
d3-scale
d3-scale-chromatic
d3-transition
|
|
|
I'm not a maintainer of this package and don't have write access to this repo. The maintainer @chrisrzhou hasn't been responsive either. Personally I've been using my own fork directly. If @chrisrzhou wants to archive this repo, I'm happy to create another npm package with these updates (say |
2 participants
This PR updates outdated dependencies
d3-array,d3-selectionandd3-transitionas well as other D3-* packages to version 3. The only incompatibility was the removal ofd3 event. Relevant code was updated to use the new syntax.Fixes #85