Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm audit security report: several vulnerabilities found #2822

Closed
RosarioAleCali opened this issue Jul 18, 2018 · 7 comments
Closed

npm audit security report: several vulnerabilities found #2822

RosarioAleCali opened this issue Jul 18, 2018 · 7 comments

Comments

@RosarioAleCali
Copy link

Running npm audit outputs the following:
screenshot from 2018-07-17 22-15-14
It actually outputs more vulnerabilities but they are all related to static-eval.
Is this something that can be fixed for the next version?

@etpinard
Copy link
Contributor

see #2386 (comment)

@etpinard
Copy link
Contributor

and scijs/cwise#21 which unfortunately breaks plotly.js bundling.

@RosarioAleCali
Copy link
Author

Okay, do you see a fix for it in the foreseeable future?

@etpinard
Copy link
Contributor

As this issue only potentially affects plotly.js users that build their custom bundles that include gl3d trace types (which is a fairly low % of our users), no plotly.js team member will spend time on this in the short term.

@RosarioAleCali
Copy link
Author

Ok, then I will close this issue.

@Queatz
Copy link

Queatz commented Jun 24, 2019

We're trying to make Plot.ly pass CI - is there a way to disable "custom bundles that include gl3d trace types" so that the vulnerabilities go away?

@antoinerg
Copy link
Contributor

@Queatz it should be possible to require only what you need. Please see https://github.com/plotly/plotly.js/#modules for details

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants