Comments (10)
Looks like there is a PR for this: #2466. Can we get this in?
from nivo.
d3-scale must be updated too, to the latest version 4.x. The currently used 3.x depends on a vulnerable version of d3-color too.
[email protected] -> "d3-interpolate": "1.2.0 - 2" -> "d3-color": "1 - 2"
from nivo.
Same issue here, npm audit vulnerabilities are still flagged
from nivo.
What is the progress on this? Kindly update.
from nivo.
+1 - Here's the npm audit:
d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix --force`
Will install @nivo/[email protected], which is a breaking change
node_modules/d3-scale-chromatic/node_modules/d3-color
node_modules/d3-scale/node_modules/d3-color
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/d3-scale-chromatic/node_modules/d3-interpolate
node_modules/d3-scale/node_modules/d3-interpolate
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale
@nivo/core *
Depends on vulnerable versions of @nivo/tooltip
Depends on vulnerable versions of d3-scale
node_modules/@nivo/core
@nivo/axes *
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of @nivo/scales
node_modules/@nivo/axes
@nivo/bullet *
Depends on vulnerable versions of @nivo/axes
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of @nivo/legends
Depends on vulnerable versions of @nivo/scales
Depends on vulnerable versions of @nivo/tooltip
node_modules/@nivo/bullet
@nivo/colors *
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
Depends on vulnerable versions of d3-scale-chromatic
node_modules/@nivo/colors
@nivo/annotations *
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
node_modules/@nivo/annotations
@nivo/network *
Depends on vulnerable versions of @nivo/annotations
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of @nivo/tooltip
node_modules/@nivo/network
@nivo/legends >=0.56.0
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
node_modules/@nivo/legends
@nivo/tooltip *
Depends on vulnerable versions of @nivo/core
node_modules/@nivo/tooltip
@nivo/scales *
Depends on vulnerable versions of d3-scale
node_modules/@nivo/scales
d3-scale-chromatic 0.1.0 - 2.0.0
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale-chromatic
from nivo.
Hi, same issue here.
For my project I need to install @nivo/core, @nivo/line and @nivo/geo, and all three report vulnerability issues.
By installing only @nivo/core, the npm audit report is:
d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
No fix available
node_modules/d3-scale/node_modules/d3-color
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/d3-scale/node_modules/d3-interpolate
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale
@nivo/core *
Depends on vulnerable versions of @nivo/tooltip
Depends on vulnerable versions of d3-scale
node_modules/@nivo/core
@nivo/tooltip *
Depends on vulnerable versions of @nivo/core
node_modules/@nivo/tooltip
By installing only @nivo/line, the npm audit report is:
d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix --force`
Will install @nivo/[email protected], which is a breaking change
node_modules/@nivo/colors/node_modules/d3-interpolate/node_modules/d3-color
node_modules/@nivo/colors/node_modules/d3-scale-chromatic/node_modules/d3-color
node_modules/d3-scale/node_modules/d3-color
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/@nivo/colors/node_modules/d3-interpolate
node_modules/d3-scale/node_modules/d3-interpolate
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale
@nivo/core *
Depends on vulnerable versions of @nivo/tooltip
Depends on vulnerable versions of d3-scale
node_modules/@nivo/core
@nivo/axes *
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of @nivo/scales
node_modules/@nivo/axes
@nivo/line *
Depends on vulnerable versions of @nivo/annotations
Depends on vulnerable versions of @nivo/axes
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of @nivo/legends
Depends on vulnerable versions of @nivo/scales
Depends on vulnerable versions of @nivo/tooltip
Depends on vulnerable versions of @nivo/voronoi
node_modules/@nivo/line
@nivo/colors *
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
Depends on vulnerable versions of d3-scale-chromatic
node_modules/@nivo/colors
@nivo/annotations *
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
node_modules/@nivo/annotations
@nivo/legends >=0.56.0
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
node_modules/@nivo/legends
@nivo/tooltip *
Depends on vulnerable versions of @nivo/core
node_modules/@nivo/tooltip
@nivo/voronoi *
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
node_modules/@nivo/voronoi
@nivo/scales *
Depends on vulnerable versions of d3-scale
node_modules/@nivo/scales
d3-scale-chromatic 0.1.0 - 2.0.0
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
node_modules/@nivo/colors/node_modules/d3-scale-chromatic
By installing only @nivo/geo, the npm audit report is:
d3-color <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix --force`
Will install @nivo/[email protected], which is a breaking change
node_modules/@nivo/colors/node_modules/d3-interpolate/node_modules/d3-color
node_modules/@nivo/colors/node_modules/d3-scale-chromatic/node_modules/d3-color
node_modules/d3-scale/node_modules/d3-color
d3-interpolate 0.1.3 - 2.0.1
Depends on vulnerable versions of d3-color
node_modules/@nivo/colors/node_modules/d3-interpolate
node_modules/d3-scale/node_modules/d3-interpolate
d3-scale 0.1.5 - 3.3.0
Depends on vulnerable versions of d3-interpolate
node_modules/d3-scale
@nivo/core *
Depends on vulnerable versions of @nivo/tooltip
Depends on vulnerable versions of d3-scale
node_modules/@nivo/core
@nivo/colors *
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
Depends on vulnerable versions of d3-scale-chromatic
node_modules/@nivo/colors
@nivo/geo *
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of @nivo/legends
Depends on vulnerable versions of @nivo/tooltip
node_modules/@nivo/geo
@nivo/legends >=0.56.0
Depends on vulnerable versions of @nivo/colors
Depends on vulnerable versions of @nivo/core
Depends on vulnerable versions of d3-scale
node_modules/@nivo/legends
@nivo/tooltip *
Depends on vulnerable versions of @nivo/core
node_modules/@nivo/tooltip
d3-scale-chromatic 0.1.0 - 2.0.0
Depends on vulnerable versions of d3-color
Depends on vulnerable versions of d3-interpolate
node_modules/@nivo/colors/node_modules/d3-scale-chromatic
from nivo.
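The nested paths in the audit reports above, such as node_modules/d3-scale/node_modules/d3-color, are separate installed copies of d3-color, and the finding clears only when every copy is at 3.1.0 or later. The following is an added example, not part of the thread or of nivo's code, that lists such copies from the `packages` map of a package-lock.json (lockfileVersion 2 or 3); the sample lockfile and its version numbers are constructed, and `findVulnerableCopies` and `lessThan` are hypothetical helper names.

```javascript
// Compare plain x.y.z versions; prerelease tags are ignored (assumption).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// For an install path such as node_modules/d3-scale/node_modules/d3-color,
// the package name follows the last "node_modules/" and the owner is the
// package whose private node_modules directory holds that copy.
function findVulnerableCopies(lock, name, fixedIn) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const parts = path.split('node_modules/').filter(Boolean)
      .map((p) => p.replace(/\/$/, ''));
    if (parts[parts.length - 1] !== name || !meta.version) continue;
    if (!lessThan(meta.version, fixedIn)) continue;
    hits.push({
      path,
      version: meta.version,
      nestedUnder: parts.length > 1 ? parts[parts.length - 2] : '(top level)',
    });
  }
  return hits;
}

// Constructed sample lockfile: paths mirror the audit output, versions are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/d3-color': { version: '3.1.0' },
    'node_modules/d3-scale': { version: '3.3.0' },
    'node_modules/d3-scale/node_modules/d3-color': { version: '2.0.0' },
    'node_modules/@nivo/colors/node_modules/d3-scale-chromatic/node_modules/d3-color':
      { version: '1.4.1' },
  },
};

for (const hit of findVulnerableCopies(sampleLock, 'd3-color', '3.1.0')) {
  console.log(`${hit.path} @ ${hit.version} (nested under ${hit.nestedUnder})`);
}
```

To scan a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `sampleLock`.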
Any fix for this?
from nivo.
Hi, can we get this in? The vulnerability scan we are required to do is starting to cause issues.
from nivo.
Please include the non-vulnerable d3 packages on nivo, it would be very nice
from nivo.