Merge pull request #646 from davidradl/git645

git645 address vulnerabilities
odpi · Mar 29, 2023 · 3202c2e · 3202c2e
2 parents e65160e + 114819e
commit 3202c2e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/cra-client/package.json b/cra-client/package.json
@@ -16,7 +16,7 @@
     "carbon-components-react": "^7.50.0",
     "carbon-icons": "^7.0.7",
     "core-js": "^3.20.0",
-    "d3": "^6.7.0",
+    "d3": "^7.8.3",
     "date-fns": "^2.27.0",
     "fibers": "^5.0.0",
     "joi": "^17.5.0",

diff --git a/docs/security-fixes.md b/docs/security-fixes.md
@@ -8,12 +8,15 @@ npm audit fix should run regularly on cra-client and cra-server. This should fix
 
 ## Current limitations
 
+
 None
 * cra-server - ```npm audit``` has 0 vulnerabilities
 * cra-client - ```npm audit --prod``` has 0 vulnerabilities
 
 
-As of 02/02/22 (latest activity first)
+As of 28/03/23 (latest activity first)
+
+* 28/03/23 updated d3 to 2.0 - npm audit said this was a breaking change but it seemed to work. 
 
 * 02/02/22 We decided to revert the forced resolutions and suggest that ```npm audit --prod``` should be run. This only checks production considerations. Pr https://github.com/odpi/egeria-react-ui/pull/347 moved the react-scripts and postcss depenancies mentioned below to be dev dependancies. For cra-client this gives 0 vulnerabilities.