I’m using d3-selection@3 and d3-transition@3 in my d3-custom package. I’m also using d3-selection-multi@1 package. But it’s dependency is d3-selection@1 and d3-transition@1 which cause reDoS vulnerability in d3-color Refer https://security.snyk.io/package/npm/d3-color. Is it possible to update the version in d3-selection-multi package.json and release a new version?
This module is obsolete, we recommend to migrate your code.
Could you please explain more clearly about migrating?
Where you have
.attrs({
title: "A cheery, timeless greeting.",
class: "greeting"
})
replace with
.attr("title", "A cheery, timeless greeting.")
.attr("class", "greeting")
See GitHub - d3/d3-selection-multi: Multi-value syntax for d3-selection and d3-transition.