It appears that the current version of react-simple-maps relies on a vulnerable version of another package, d3-color. My team and I are getting the following Dependabot Alert:
Dependabot cannot update d3-color to a non-vulnerable version
The latest possible version that can be installed is 2.0.0 because of the following conflicting dependencies:
react-simple-maps@3.0.0 requires d3-color@1 - 2 via a transitive dependency on d3-interpolate@2.0.1
react-simple-maps@3.0.0 requires d3-color@1 - 2 via a transitive dependency on d3-transition@2.0.0
No patched version available for d3-color
The earliest fixed version is 3.1.0.
react-simple-maps has to upgrade to d3-color version 3.1.0 or higher.
OleksiiKachan
commented
1 month ago
Hey there,
It appears that the current version of react-simple-maps relies on a vulnerable version of another package, d3-color. My team and I are getting the following Dependabot Alert:
react-simple-maps has to upgrade to d3-color version 3.1.0 or higher.