d3-color version 1.4.1 vulnerability dependent with c3 latest version
mdinesh24 opened this issue · 0 comments
mdinesh24 commented
Issue:
- Upgrading d3-color to 3.1.0 from 1.4.1 with peer dependency of c3. But we are facing the following issue on upgrading
-
The latest version of c3 is 0.7.20 which will pull version 5.8.0 of d3-library which then will pull the d3-color version 0f 1.4.1 again.
-
Hence updating the d3-color to 3.1.0 needs the authors of the c3 library to make the c3 library have the latest library of d3.