Open
Description
react-d3-cloud depends on a version of d3-color that is vulnerable to ReDoS: GHSA-36jr-mh4h-2g58

Any version of d3-color <3.1.0 is vulnerable to this. Please update the package.json to get a later version of react-d3-color.

```
(env) duecknoah@Noahs-MacBook-Pro dashboard % npm audit
# npm audit report
d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/d3-color
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/d3-interpolate
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale
react-d3-cloud >=0.5.0
Depends on vulnerable versions of d3-scale
Depends on vulnerable versions of d3-scale-chromatic
node_modules/react-d3-cloud
d3-scale-chromatic 0.1.0 - 2.0.0
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale-chromatic
5 high severity vulnerabilities
```
niall-san
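
As an added example (not part of the issue or of the react-d3-cloud project), the Node.js script below checks an npm lockfile for the condition reported above: installed copies of d3-color below 3.1.0, together with the packages that resolve to each copy. The lockfile fragment, its version numbers and the `other-lib` package are constructed for illustration.

```javascript
// Added example (not from react-d3-cloud): report d3-color installs below 3.1.0
// in an npm lockfile "packages" map (lockfileVersion 2/3) and who resolves to them.
const FIXED = [3, 1, 0]; // first patched d3-color version named in the issue

function isBelow(version, floor) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version); // prerelease tags are ignored
  if (!m) throw new Error("unparseable version: " + version);
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) if (v[i] !== floor[i]) return v[i] < floor[i];
  return false;
}

// Node-style lookup: nearest node_modules/<name>, walking up from the dependent.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

function findVulnerable(lock, name = "d3-color", floor = FIXED) {
  const packages = lock.packages || {};
  const hits = new Map(); // install path -> finding
  for (const [path, meta] of Object.entries(packages)) {
    // Nested copies count too; linked entries without a version are skipped.
    if (path.endsWith("node_modules/" + name) && meta.version && isBelow(meta.version, floor))
      hits.set(path, { path, version: meta.version, requiredBy: [] });
  }
  for (const [path, meta] of Object.entries(packages)) {
    if (!meta.dependencies || !(name in meta.dependencies)) continue;
    const hit = hits.get(resolve(packages, path, name));
    if (hit) hit.requiredBy.push(path);
  }
  return [...hits.values()];
}

// Constructed lockfile fragment; versions are illustrative, "other-lib" is hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/react-d3-cloud": { version: "1.0.0", dependencies: { "d3-scale": "^3.3.0", "d3-scale-chromatic": "^2.0.0" } },
  "node_modules/d3-scale": { version: "3.3.0", dependencies: { "d3-interpolate": "^2.0.1" } },
  "node_modules/d3-scale-chromatic": { version: "2.0.0", dependencies: { "d3-color": "^2.0.0", "d3-interpolate": "^2.0.1" } },
  "node_modules/d3-interpolate": { version: "2.0.1", dependencies: { "d3-color": "^2.0.0" } },
  "node_modules/d3-color": { version: "2.0.0" },
  "node_modules/other-lib": { version: "1.0.0", dependencies: { "d3-color": "^3.1.0" } },
  "node_modules/other-lib/node_modules/d3-color": { version: "3.1.0" },
} };
console.log(JSON.stringify(findVulnerable(sampleLock), null, 2));
```

To run it against a real project, replace `sampleLock` with the parsed contents of `package-lock.json`.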