-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Home
Coltin Kifer edited this page Dec 30, 2022
·
10 revisions
- d3 upgraded their libraries to be ESM only - this means that any consumer of recharts that upgraded to these patch versions of recharts that used jest or next in their projects also broke as those libraries don't support ESM. We reverted this change in 2.1.15+ due to breaking our consumers.
- Due to reverting the above, we have been on d3-color@2 which includes a ReDos security vulnerability - issue link
- A non-breaking change is being worked on by replacing
d3
libraries withvictory-vendor/d3-*
. Please see this blogpost from victory about them facing this issue and open sources a cjs solution to the problem.-
victory-vendor
takes some select d3 libraries at their latest -> converts them from ESM to CJS -> then adds them back to npm. This is what we are using to prevent breaking our consumers.
-
- PR for vulnerability fix