d3-hsv icon indicating copy to clipboard operation
d3-hsv copied to clipboard
verified publisher icon d3

Update to d3-color 3.1.0

Open Levdbas opened this issue 2 years ago • 3 comments

Hi @Fil ,

Since there are two high vulnerabilities found in the current version used of [d3-color](https://github.com/d3/d3-color) , could you update this package as well? Thank you in advance!

Levdbas avatar May 24 '23 08:05 Levdbas

Are you suggesting we change "1" to "1 - 3" here? https://github.com/d3/d3-hsv/blob/c28d977f9ff194932814a641963d0cbcc274168a/package.json#LL24C1-L26C5

Fil avatar May 24 '23 08:05 Fil

Hi, yes if that is the best way to make it backwards compatible and still address the security issues for most people, great!

Levdbas avatar May 24 '23 12:05 Levdbas

Hi @Fil -- I see this was marked as completed, but I don't see any associated change and it looks like the package is still relying on the old d3-color package. Was the change ever deployed?

johnnycopes avatar Jun 11 '24 16:06 johnnycopes