Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump d3 packages to latest version #1836

Merged
merged 1 commit into from
Jun 13, 2023

Conversation

mgilroy
Copy link
Contributor

@mgilroy mgilroy commented Jan 12, 2023

Resolve npm audit failures

What kind of change does this PR introduce? (check one with "x")

  • [ x] Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Other... Please describe:

What is the current behavior? (You can also link to an open issue here)

d3 packages are out of date and result in npm audit failures.

#1830

What is the new behavior?
Increase version for d3-array, d3-brush, d3-ease, d3-format, d3-hierarchy, d3-interpolate, d3-scale, d3-selection, d3-shape, d3-transition, moment-timezone

Does this PR introduce a breaking change? (check one with "x")

  • Yes
  • [x ] No

If this PR contains a breaking change, please describe the impact and migration path for existing applications: ...

Other information:

Resolve npm audit failures
@daiscog
Copy link

daiscog commented Mar 12, 2023

@jogaj is this something you can help get merged?

@Blackbaud-TrevorBurch
Copy link

@marjan-georgiev @AgustinFi @brantw @parayacr @seandgrimes (the currently listed members of the Swimlane org) - could any of you help get this merged and released? This library has been reporting high transitive security vulnerabilities since at least mid December and this PR would address that and has now been siting since January. Thanks for any help you can give :)

@Blackbaud-TrevorBurch
Copy link

@drazafsky it appears you had a valid review on #1863 that @surya-pabbineedi did. Any way you could glance at this? These warnings would be nice to get out of and this has now been sitting for six months.

@daiscog
Copy link

daiscog commented Jun 12, 2023

It's a bit concerning that Swimlane - a company operating in the security sector - is being so lax at applying security patches in the supply chain of a software component they own & maintain...

@surya-pabbineedi surya-pabbineedi merged commit 694f507 into swimlane:master Jun 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants