Description
@looker/components@5.0.3 has a transitive dependency on d3-color@1.4.1 through d3-hsv@0.1.0.
d3-color versions < 3.1.0 are vulnerable to ReDoS (GHSA-36jr-mh4h-2g58).
Dependency chain
@looker/components → d3-hsv@0.1.0 → d3-color@1
Request
Please update d3-hsv to a version that uses d3-color >= 3.1.0
References
Description
@looker/components@5.0.3 has a transitive dependency on d3-color@1.4.1 through d3-hsv@0.1.0.
d3-color versions < 3.1.0 are vulnerable to ReDoS (GHSA-36jr-mh4h-2g58).
Dependency chain
@looker/components → d3-hsv@0.1.0 → d3-color@1
Request
Please update d3-hsv to a version that uses d3-color >= 3.1.0
References