-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm audit security report: several vulnerabilities found #2822
Comments
see #2386 (comment) |
and scijs/cwise#21 which unfortunately breaks plotly.js bundling. |
Okay, do you see a fix for it in the foreseeable future? |
As this issue only potentially affects plotly.js users that build their custom bundles that include gl3d trace types (which is a fairly low % of our users), no plotly.js team member will spend time on this in the short term. |
Ok, then I will close this issue. |
We're trying to make Plot.ly pass CI - is there a way to disable "custom bundles that include gl3d trace types" so that the vulnerabilities go away? |
@Queatz it should be possible to require only what you need. Please see https://github.com/plotly/plotly.js/#modules for details |
Running npm audit outputs the following:
It actually outputs more vulnerabilities but they are all related to static-eval.
Is this something that can be fixed for the next version?
The text was updated successfully, but these errors were encountered: