You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a bit frustrating: I run npm audit automatically in my project to catch CVEs. For a few days now this is always red, because the dependency tree of d3 contains an old d3-color version, that is affected by this vulnerability.
This old version of d3-color is pulled in via dagre-d3 which is totally unmaintained and no update can be expected.
How can this be fixed?
The text was updated successfully, but these errors were encountered:
This is a bit frustrating: I run
npm audit
automatically in my project to catch CVEs. For a few days now this is always red, because the dependency tree ofd3
contains an oldd3-color
version, that is affected by this vulnerability.This old version of
d3-color
is pulled in viadagre-d3
which is totally unmaintained and no update can be expected.How can this be fixed?
The text was updated successfully, but these errors were encountered: