Closed gmc77 closed 3 years ago
Can you confirm where d3-color is being used?
Apologies, missed the question when it was raised.
We're not using it directly, and neither is Carbon, but Carbon Charts imports d3, which imports d3-color.
Have raised a Carbon Charts issue: https://github.com/carbon-design-system/carbon-charts/issues/1069
Known vulnerability in d3-color: Regular Expression Denial of Service (ReDoS)
What package(s) are you using?
carbon-components-react
Detailed description
As flagged by Snyk when we use Carbon in our product.
See https://snyk.io/vuln/SNYK-JS-D3COLOR-1076592 for details. It can be fixed by upgrading to later versions of d3.
Steps to reproduce the issue
Run Snyk against a Carbon application