You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'd recommend not using the tgz directly because it can't be audited like a package by automated tooling.
You're also probably going to want to manually search your lockfile after adding the override to make sure vulnerable versions of d3-color are expunged; there are some versions of npm (<8.7, I believe) where lockfile generation for overrides was broken so it would not be properly expunged and you will trip automated vulnerability checkers even with the override added properly in package.json.
Please, would it be possible to backport the fix made in #100 to d3-color 1.x ?
There are multiple people, who would be happy for this backport.
The text was updated successfully, but these errors were encountered: