-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Home
Coltin Kifer edited this page Dec 30, 2022
·
10 revisions
- d3 upgraded their libraries to be ESM only - this means that any consumer of recharts that upgraded to these patch versions of recharts that used jest or next in their projects also broke as those libraries don't support ESM. We reverted this change in 2.1.15+ due to breaking our consumers.
- Due to reverting the above, we have been on d3-color@2 which includes a ReDos security vulnerability - issue link
- A non-breaking change is being worked on by replacing
d3libraries withvictory-vendor/d3-*. Please see this blogpost from victory about them facing this issue and open sources a cjs solution to the problem.-
victory-vendortakes some select d3 libraries at their latest -> converts them from ESM to CJS -> then adds them back to npm. This is what we are using to prevent breaking our consumers.
-
- PR for vulnerability fix
- recharts is still very much built on d3 libraries. Please see the two questions above this one. We had to be able to upgrade d3 (to avoid security vulnerabilities without breaking our consumers.
-
victory-vendoris a commonjs proxy to d3@latest published by the victory team. This allowed us to upgrade d3 without breaking those using jest or next.
- The original creators of recharts have been extremely busy and haven't had time to spend on this library which has grown increasingly popular. As of December 2022 some contributors have come on board and started making changes. Most members are contributing out of their own time and effort, we ask that you please be mindful of that while we try to solve some of the pressing issues in the library.