markmarkoh / datamaps

Customizable SVG map visualizations for the web in a single JavaScript file using D3.js
http://datamaps.github.io
MIT License

Getting Vulnerability Reported from NPM #485

Open Dave3of5 opened 5 years ago

Dave3of5 commented 5 years ago

I'm getting a vulnerability reported when running npm audit with v 0.5.9:

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Moderate        Sandbox Breakout / Arbitrary Code Execution

  Package         static-eval

  Patched in      No patch available

  Dependency of   datamaps [dev]

  Path            datamaps > topojson > d3-geo-projection > brfs >
                  static-module > static-eval

  More info       https://nodesecurity.io/advisories/758

found 1 moderate severity vulnerability in 92222 scanned packages
  1 vulnerability requires manual review. See the full report for details.

Seems to be coming from topojson. Would you be able to update this dependency?

gaurav-quasar commented 5 years ago

Any plans to get this vulnerability resolved?

Dave3of5 commented 5 years ago

@markmarkoh Did you get the notification for this?