c3js/c3

d3-color version 1.4.1 vulnerability dependent with c3 latest version

mdinesh24 opened this issue · 0 comments

Issue:

  1. Upgrading d3-color to 3.1.0 from 1.4.1 with peer dependency of c3. But we are facing the following issue on upgrading:
  • The latest version of c3 is 0.7.20, which will pull version 5.8.0 of d3-library, which then will pull the d3-color version of 1.4.1 again.
  • Hence, updating the d3-color to 3.1.0 needs the authors of the c3 library to make the c3 library have the latest library of d3.