Vulnerability in d3/color - requires upgrade to v3.1.0

[justenPalmer]

Snyk uncovered a security issue with a Nivo dependency (d3/color) fixed in version v3.1.0. Could we get you guys to update this dependency?

Thank you for all you guys are doing with this project. It's a great data visualization engine and I look forward to using it more.

[captainamerican]

I submitted an issue months ago and they attempted to push through a fix which didn't. Life's hard, so I'm not going to dump on an open source project for blah, blah, and blah. Here's what worked for me while they get this cleaned up:

Add this to your package.json:

"overrides": {
  "d3-color": "3.1.0"
},

[awais-codes]

I submitted an issue months ago and they attempted to push through a fix which didn't. Life's hard, so I'm not going to dump on an open source project for blah, blah, and blah. Here's what worked for me while they get this cleaned up:

Add this to your package.json:

"overrides": {
  "d3-color": "3.1.0"
},

It would be nice to know what version of nivo libs are you using? I am on 0.83 and this did not fix the issue for me.

[plouc]

Should be fixed by #2461, but not released yet.

[plouc]

Should be fixed in 0.83.1.

[cythrawll]

This is still broken as @nivo/color is pulling in an old d3-chromatic-scale which is pulling in a vulnerable d3-color.