security(visx/scale): Update for d3-color dependencies?

Given this vulnerability https://github.com/advisories/GHSA-36jr-mh4h-2g58, it would be great to get an update of all visx packages that directly and indirectly use d3-color.

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 12
  • Comments: 10 (5 by maintainers)

Top GitHub Comments

5 reactions
grepsci commented, Nov 18, 2022

hmm - any updates on this front? new project wants to use @visx/scale, but dependency graph points to d3-interpolate: 1.4.0 --> d3-color: 1.4.1 --> high vulnerability causing builds to fail

i’m not sure if d3-interpolate > 1.4.0 addresses the issue, but Mike Bostock closed the related issue here: https://github.com/d3/d3-interpolate/issues/106

4 reactions
JayWelsh commented, Dec 17, 2022

P.S. for anyone in this thread looking for an update, our knight in shining armour @williaster has set the wheels in motion to migrate away from nimbus and resolve this problem: https://github.com/airbnb/visx/pull/1609 🥇
