security(visx/scale): Update for d3-color dependencies?
See original GitHub issueGiven this vulnerability https://github.com/advisories/GHSA-36jr-mh4h-2g58, it would be great to get an update of all visx packages that directly and indirectly use d3-color
.
Issue Analytics
- State:
- Created a year ago
- Reactions:12
- Comments:10 (5 by maintainers)
Top Results From Across the Web
visx/scale documentation
Overview of scales. The @visx/scale package aims to provide a wrapper around existing d3 scaling originally defined in the d3-scale package.
Read more >d3-color | npm - Open Source Insights
Determines if the project has published a security policy. Determines if the project uses a dependency update tool. Determines if the default ...
Read more >leylinesjs - npm Package Health Analysis - Snyk
All security vulnerabilities belong to production dependencies of direct and indirect packages. License: Apache-2.0. Security Policy: No.
Read more >7zip-bin-osx 5.1.1 : MIT License @auth0/auth0-react 1.2.0
@pmmmwh/react-refresh-webpack-plugin 0.4.3 : MIT License ... d3-color 1.4.1 : BSD 3-clause "New" or "Revised" License.
Read more >Attributions - TerriaJS
[2K [1G [34minfo [39m "fsevents@1.2.13" is an optional dependency and failed ... warranty, or updates for a work that has been modified or...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
hmm - any updates on this front? new project wants to use @visx/scale, but dependency graph points to
d3-interpolate: 1.4.0
-->d3-color: 1.4.1
-->high
vulnerability causing builds to faili’m not sure if
d3-interporlate
>1.4.0
addresses the issue, but Mike Bostock closed the related issue here: https://github.com/d3/d3-interpolate/issues/106P.S. for anyone in this thread looking for an update, our knight in shining armour @williaster has set the wheels in motion to migrate away from nimbus and resolve this problem: https://github.com/airbnb/visx/pull/1609 🥇