The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.
If possible, can the project be bumped to use the latest d3 versions?
From dependabot
If possible, can the project be bumped to use the latest d3 versions?