The current version of react-simple-maps depends on d3-color@2.x, which is vulnerable to a Regular Expression Denial of Service (ReDoS) in its colour-string parser (the regexes behind `d3.color()`), so any untrusted string that reaches that parser is an attack surface.
- Affected package: d3-color (versions < 3.1.0)
- Patched version: 3.1.0
- Root cause: react-simple-maps pins d3-color@2.x, so npm keeps a separate nested copy of d3-color under react-simple-maps and Dependabot cannot upgrade it from a downstream project.
Request:
Please bump the dependency to d3-color@^3.1.0 (or a compatible range) so downstream projects can pick up the patched version. Note that d3-color 3.x is published as ESM only, so the bump may need to be done together with the other d3-* dependencies rather than for d3-color alone.
References:
Thanks for maintaining this project!