This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- front/package.json
- front/package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-D3COLOR-1076592](https://snyk.io/vuln/SNYK-JS-D3COLOR-1076592) | No | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: @nivo/core
The new version differs by 250 commits.
6dc6636 fix(pie): use readonly arrays for props as the library does not modify them
5306106 fix(bar): use readonly arrays for props as the library does not modify them
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/roy-czb/project/75830231-34d2-46b8-a2fd-8cd9ec2d9410?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/roy-czb/project/75830231-34d2-46b8-a2fd-8cd9ec2d9410?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"13253ad3-ffb6-4f86-aa76-7c9c2387d5a9","prPublicId":"13253ad3-ffb6-4f86-aa76-7c9c2387d5a9","dependencies":[{"name":"@nivo/core","from":"0.73.0","to":"0.85.1"},{"name":"@nivo/line","from":"0.73.0","to":"0.85.1"}],"packageManager":"npm","projectPublicId":"75830231-34d2-46b8-a2fd-8cd9ec2d9410","projectUrl":"https://app.snyk.io/org/roy-czb/project/75830231-34d2-46b8-a2fd-8cd9ec2d9410?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-D3COLOR-1076592"],"upgrade":["SNYK-JS-D3COLOR-1076592"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[586],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - front/package.json - front/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **586/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-D3COLOR-1076592](https://snyk.io/vuln/SNYK-JS-D3COLOR-1076592) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @nivo/core
The new version differs by 250 commits.- 06bb46f v0.85.1
- fd32038 feat(deps): upgrade d3-scale due to vulnerability
- 800db37 fix(tooltip): avoid a flash effect and weird initial transition (#2480)
- 4ab05e2 v0.85.0
- 68375a1 fix(dependencies): fix peer dependencies (#2528)
- 193a4ce fix(line): use readonly arrays for props as the library does not modify them (#2494)
- 0ab8f73 fix(marimekko): use readonly arrays for props as the library does not modify them (#2493)
- a90a6cc feat(line): add support for touch events + crosshair (#2524)
- d74996a fix(website): fix tooltip default color in the theming guide (#2521)
- 44d8967 Fix: add initial property for truncateTickAt (#2504)
- c741a88 chore: upgrade d3-color and d3-scale-chromatic
- bc18832 fix(sankey): update onClick types in sankey chart to respect generics (#2509)
- d87af09 set default props inside components
- 0bc2fe8 refactor default props to fix error message
- 71f3496 v0.84.0
- 4fa26a2 feat(pie): add support for forwarding legend data
- a1a774d feat(pie): fix typings
- 238e8d1 feat(pie): migrate unit tests to react-test-renderer
- 401dcf1 feat(pie): add the ability to programmatically control the activeId for the canvas implementation
- 513a1c8 feat(pie): document new properties for controlling the activeId
- de33c89 feat(pie): add the ability to programmatically control the activeId
- cba9500 Fix Bar SSR
- 6dc6636 fix(pie): use readonly arrays for props as the library does not modify them
- 5306106 fix(bar): use readonly arrays for props as the library does not modify them
See the full diffPackage name: @nivo/line
The new version differs by 250 commits.- 06bb46f v0.85.1
- fd32038 feat(deps): upgrade d3-scale due to vulnerability
- 800db37 fix(tooltip): avoid a flash effect and weird initial transition (#2480)
- 4ab05e2 v0.85.0
- 68375a1 fix(dependencies): fix peer dependencies (#2528)
- 193a4ce fix(line): use readonly arrays for props as the library does not modify them (#2494)
- 0ab8f73 fix(marimekko): use readonly arrays for props as the library does not modify them (#2493)
- a90a6cc feat(line): add support for touch events + crosshair (#2524)
- d74996a fix(website): fix tooltip default color in the theming guide (#2521)
- 44d8967 Fix: add initial property for truncateTickAt (#2504)
- c741a88 chore: upgrade d3-color and d3-scale-chromatic
- bc18832 fix(sankey): update onClick types in sankey chart to respect generics (#2509)
- d87af09 set default props inside components
- 0bc2fe8 refactor default props to fix error message
- 71f3496 v0.84.0
- 4fa26a2 feat(pie): add support for forwarding legend data
- a1a774d feat(pie): fix typings
- 238e8d1 feat(pie): migrate unit tests to react-test-renderer
- 401dcf1 feat(pie): add the ability to programmatically control the activeId for the canvas implementation
- 513a1c8 feat(pie): document new properties for controlling the activeId
- de33c89 feat(pie): add the ability to programmatically control the activeId
- cba9500 Fix Bar SSR
- 6dc6636 fix(pie): use readonly arrays for props as the library does not modify them
- 5306106 fix(bar): use readonly arrays for props as the library does not modify them
See the full diff