Static-eval security issue reported by npm audit #4407
Comments
|
Duplicate of scijs/cwise#19 |
|
@etpinard You are referring to an issue that is 2 years old, the PR ( scijs/cwise#25 ) that is meant to fix the security vulnerability has had no meaningful update or discussion since Jul 25, 2019. At this point I think it's fair to assume the vulnerability will not be fixed at cwise's side, and I suggest looking into alternatives. |
Ionaru
added a commit
to Ionaru/EVIE
that referenced
this issue
Mar 30, 2020
Maybe re-evaluate when plotly/plotly.js#4407 is resolved.
|
Why is this issue closed? There are still security issues with cwise. They may not cause direct issues with this repo, but at some point a non-maintained dependency with security issues should be fixed or replaced. |
|
We're tracking this in #4796 now :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To reproduce, install plotly.js in a project, and run
npm audit.Expected outcome: no security issues.
Actual outcome: reports an issue due to the version of static-eval linked to in the package.
Fix: update the static-eval version to >= 2.0.2. See https://www.npmjs.com/advisories/758
There are 16 security alerts generated, but they all refer to the same issue, as shown in the attached image.
The text was updated successfully, but these errors were encountered: