nagi1 / hill-chart

Basecamp's hill chart implementation in d3.js
MIT License
49 stars 18 forks

hill-chart depends on insecure upstream packages #41

Open savar opened 6 months ago

savar commented 6 months ago

hill-chart depends on an older version of d3-color, which can only be fixed by switching to a newer version.

Is there any plan to upgrade the hill-chart package to update all the dependencies to their latest versions (or at least the ones having critical security issues like d3-color)?

nagi1 commented 6 months ago

Please feel free to submit a PR and make the tests pass, and I will merge it instantly.

On Fri, Apr 19, 2024 at 11:36 AM Simon Effenberg @.***> wrote:

hill-chart depends on an older version of d3-color which can only be fixed by switching to a newer version

is there any plan to upgrade the hill-chart package to update all the dependencies to their latest versions (or at least the ones having critical security issues like d3-color https://github.com/advisories/GHSA-36jr-mh4h-2g58)?


savar commented 6 months ago

I tried that, but see my comments there.

savar commented 5 months ago

@nagi1 do you have time to check the PR?

scurth commented 2 months ago

I wanted to follow up on this PR as it's been a few months since the last update. Is there anything I can assist with to help move things forward?