npm audit security report: several vulnerabilities found #2822
Comments
|
see #2386 (comment) |
|
and scijs/cwise#21 which unfortunately breaks plotly.js bundling. |
|
Okay, do you see a fix for it in the foreseeable future? |
|
As this issue only potentially affects plotly.js users that build their custom bundles that include gl3d trace types (which is a fairly low % of our users), no plotly.js team member will spend time on this in the short term. |
|
Ok, then I will close this issue. |
|
We're trying to make Plot.ly pass CI - is there a way to disable "custom bundles that include gl3d trace types" so that the vulnerabilities go away? |
|
@Queatz it should be possible to require only what you need. Please see https://github.com/plotly/plotly.js/#modules for details |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Running npm audit outputs the following:
It actually outputs more vulnerabilities but they are all related to static-eval.
Is this something that can be fixed for the next version?
The text was updated successfully, but these errors were encountered: