Security concern: CWE-400 via d3-color #378

@kikienelsone

Hi!

We're currently using 'react-simple-maps' in our project, and noticed that it indirectly depends on 'd3-color'.
This version of 'd3-color' is affected by a vulnerability classified as CWE-400: Uncontrolled Resource Consumption. The issue has been reported in our audit tools.

The issue is fixed in d3-color@3.1.0, but react-simple-maps depends on packages (like d3-interpolate) that still pull in the vulnerable version.
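
Added example, not part of the original issue or the react-simple-maps project: a check that walks an npm lockfile (v2/v3 `packages` map) and reports every installed `d3-color` copy below 3.1.0 together with the packages that resolve to it. The lockfile contents, the version numbers other than 3.1.0, and the `other-chart` package are constructed for illustration.

```javascript
// Constructed sample lockfile; "other-chart" is a hypothetical package.
const sampleLock = { packages: {
  "": { dependencies: { "react-simple-maps": "^3.0.0" } },
  "node_modules/react-simple-maps": { version: "3.0.0", dependencies: { "d3-interpolate": "^2.0.1" } },
  "node_modules/d3-interpolate": { version: "2.0.1", dependencies: { "d3-color": "1 - 2" } },
  "node_modules/d3-color": { version: "2.0.0" },
  "node_modules/other-chart": { version: "1.0.0", dependencies: { "d3-color": "^3.1.0" } },
  "node_modules/other-chart/node_modules/d3-color": { version: "3.1.0" },
} };

const FIXED = [3, 1, 0]; // first fixed d3-color release, per the issue

// Compare numeric major.minor.patch parts; prerelease tags are ignored.
function isBelow(version, floor) {
  const v = version.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((v[i] || 0) !== floor[i]) return (v[i] || 0) < floor[i];
  }
  return false;
}

// Node-style resolution: the dependent's own node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Returns [{ path, version, requiredBy }] for each d3-color copy below FIXED.
function findVulnerableD3Color(lock) {
  const pkgs = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(pkgs)) {
    if (!path.endsWith("node_modules/d3-color") || !meta.version) continue;
    if (!isBelow(meta.version, FIXED)) continue;
    const requiredBy = Object.entries(pkgs)
      .filter(([p, m]) => m.dependencies && "d3-color" in m.dependencies &&
        resolve(pkgs, p, "d3-color") === path)
      .map(([p]) => p || "(root)");
    hits.push({ path, version: meta.version, requiredBy });
  }
  return hits;
}
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`.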
