From d13a268427b643eb0162ecca7e616a932dd9c145 Mon Sep 17 00:00:00 2001
From: Evan Mattiza
Date: Mon, 5 Dec 2022 12:44:01 -0600
Subject: [PATCH] fix: d3-color redos version patch (#331)

overrides the version of d3-color used by d3-scale -> d3-interpolate to use 3.1.0, which remediates https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592
---
 package.json | 5 ++++-
 yarn.lock | 8 ++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index c73a5241..1e00d9f5 100644
--- a/package.json
+++ b/package.json
@@ -138,5 +138,8 @@
 "d3-time": "^2.1.1",
 "d3-time-format": "^4.1.0",
 "ts-toolbelt": "^9.6.0"
+ },
+ "resolutions": {
+ "d3-scale/d3-interpolate/d3-color": "^3.1.0"
 }
-}
+}
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index 9863672a..2a7eb910 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2523,10 +2523,10 @@ d3-array@2, d3-array@^2.12.1, d3-array@^2.3.0:
 dependencies:
 internmap "1 - 2"

-"d3-color@1 - 2":
- version "2.0.0"
- resolved "https://registry.npmjs.org/d3-color/-/d3-color-2.0.0.tgz"
- integrity sha512-SPXi0TSKPD4g9tw0NMZFnR95XVgUZiBH+uUTqQuDu1OsE2zomHU7ho0FISciaPvosimixwHFl3WHLGabv6dDgQ==
+"d3-color@1 - 2", d3-color@^3.1.0:
+ version "3.1.0"
+ resolved "https://registry.yarnpkg.com/d3-color/-/d3-color-3.1.0.tgz#395b2833dfac71507f12ac2f7af23bf819de24e2"
+ integrity sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==

 d3-delaunay@5.3.0:
 version "5.3.0"
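Review bot: The added `resolutions` key `d3-scale/d3-interpolate/d3-color` in package.json overrides only that one dependency path, so any other route to d3-color in the tree (a direct `d3-interpolate` dependency, for example) is outside the override, and the ReDoS fix then rests on the current yarn.lock entry alone. A tree-wide selector such as `"**/d3-color": "^3.1.0"` would keep the vulnerable 2.x line out after a lockfile regeneration, and `yarn why d3-color` should confirm that a single 3.1.0 copy is installed. The override also moves d3-interpolate across a major version it does not declare (`1 - 2` in yarn.lock), and d3-color 3.x ships as an ES module as far as I know, so the CommonJS and test-runner build paths are worth exercising before release. The hunk also drops the newline at the end of package.json, which is probably unintended.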