[JOC-1434] Update d3-color to 3.1.0 due to 3rd Party vulnerability SNYK-JS-D3COLOR-1076592 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 2.5.0
Fix Version/s: 2.5.1
Component/s: None
Labels:
None

CVE-ID:
SNYK-JS-D3COLOR-1076592

Description

Current Situation

JS7 JOC Cockpit uses the d3-color 3rd-party package which is affected by a vulnerability. No CVE ID is currently known, see https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592.

As the vulnerability depends on user input, we rate this being low, as no user input can change the usage dynamically.

Desired Behavior

JS7 JOC Cockpit should use the updated version 3.1.0 of d3-color which fixes the issue.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2022-11-29-19-08-09-565.png
53 kB
29 November 2022 13:38

Activity

People

Assignee:: Sourabh Agrawal

Reporter:: Santiago Aucejo Petzoldt

Approver:: Pratishtha Pandey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 24 November 2022 09:46

Updated:: 21 December 2022 08:15

Resolved:: 25 November 2022 06:20