codesuki / react-d3-components

D3 Components for React
http://codesuki.github.io/react-d3-components/example.html
MIT License
1.63k stars 206 forks

NPM vulnerability #177

Open imjordanxd opened 3 years ago

imjordanxd commented 3 years ago

Attached directly from npm audit output:

Low Denial of Service
Package node-fetch
Patched in >=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9
Dependency of react-d3-components
Path react-d3-components > create-react-class > fbjs > isomorphic-fetch > node-fetch
More info https://npmjs.com/advisories/1556

Unfortunate transitive dependency. Unlikely to be updated?

imjordanxd commented 3 years ago

create-react-class has released a new version that no longer depends on fbjs. Can a patch of this package be released? @codesuki
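One way to confirm the dependency path and patched range reported in the audit output above, for instance after upgrading create-react-class. This is an added example, not part of the issue thread or the project's code. The function names are hypothetical, the tree shape assumes `npm ls --all --json` output, and the node-fetch version in the sample is constructed.

```javascript
// Added example. Uses plain semver precedence, not npm's extra prerelease-matching rules.
// Split "3.0.0-beta.9" into numeric core [3, 0, 0] and prerelease identifiers ["beta", "9"].
function parseVersion(v) {
  const [core, ...pre] = v.split("-");
  return { core: core.split(".").map(Number), pre: pre.length ? pre.join("-").split(".") : [] };
}

// Semver precedence: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x.core[i] !== y.core[i]) return x.core[i] - y.core[i];
  // A release outranks any prerelease of the same core version.
  if (!x.pre.length || !y.pre.length) return y.pre.length - x.pre.length;
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i], q = y.pre[i];
    if (p === undefined) return -1; // fewer identifiers sorts first
    if (q === undefined) return 1;
    if (p === q) continue;
    const pn = /^\d+$/.test(p), qn = /^\d+$/.test(q);
    if (pn && qn) return Number(p) - Number(q);
    if (pn !== qn) return pn ? -1 : 1; // numeric identifiers sort before alphanumeric
    return p < q ? -1 : 1;
  }
  return 0;
}

// Patched range from the audit output: >=2.6.1 <3.0.0-beta.1 || >=3.0.0-beta.9
function isPatched(v) {
  return (compareVersions(v, "2.6.1") >= 0 && compareVersions(v, "3.0.0-beta.1") < 0)
      || compareVersions(v, "3.0.0-beta.9") >= 0;
}

// Collect every dependency path that ends at `name`, with its version and patch status.
function findPaths(node, name, trail = []) {
  const hits = [];
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name) hits.push({ path: path.join(" > "), version: child.version,
                                  patched: Boolean(child.version) && isPatched(child.version) });
    hits.push(...findPaths(child, name, path));
  }
  return hits;
}

// Constructed sample: the path from the audit output, with a constructed node-fetch version.
const SAMPLE_TREE = ["react-d3-components", "create-react-class", "fbjs", "isomorphic-fetch", "node-fetch"]
  .reduceRight((child, name) => ({ dependencies: { [name]: child } }), { version: "1.7.3" });
console.log(findPaths(SAMPLE_TREE, "node-fetch"));
```

An empty result from `findPaths` on the real tree means node-fetch is no longer pulled in at all; a hit with `patched: false` means the advisory still applies through that path.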