search

Yoctol / react-d3-cloud

A word cloud react component built with d3-cloud.
https://yoctol.github.io/react-d3-cloud
MIT License
142 stars 47 forks source link

High severity vulnerabilities #164

Open carlosalvidrez opened 4 months ago

carlosalvidrez commented 4 months ago

Getting this error message: 

# npm audit report

d3-color  <3.1.0
Severity: high
d3-color vulnerable to ReDoS - https://github.com/advisories/GHSA-36jr-mh4h-2g58
fix available via `npm audit fix --force`
Will install react-d3-cloud@0.6.0, which is a breaking change
node_modules/react-d3-cloud/node_modules/d3-color
  d3-interpolate  0.1.3 - 2.0.1
  Depends on vulnerable versions of d3-color
  node_modules/react-d3-cloud/node_modules/d3-interpolate
    d3-scale  0.1.5 - 3.3.0
    Depends on vulnerable versions of d3-interpolate
    node_modules/react-d3-cloud/node_modules/d3-scale
      react-d3-cloud  >=0.5.0
      Depends on vulnerable versions of d3-scale
      Depends on vulnerable versions of d3-scale-chromatic
      node_modules/react-d3-cloud
    d3-scale-chromatic  0.1.0 - 2.0.0
    Depends on vulnerable versions of d3-color
    Depends on vulnerable versions of d3-interpolate
    node_modules/react-d3-cloud/node_modules/d3-scale-chromatic

5 high severity vulnerabilities