Two security vulnerabilities in plotlywidget dependencies: minimist@0.0.8 and static-eval@0.2.4

While trying to install the latest (4.6.0) plotlywidget (edit: also jupyterlab-plotly), my company's automated procurement system flagged three security issues in two of your dependencies.
 
- minimist@0.0.8
  - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
 
- static-eval@0.2.4
  - https://snyk.io/vuln/SNYK-JS-STATICEVAL-173693
  - https://snyk.io/vuln/SNYK-JS-STATICEVAL-10826
 
Could you please update these? For the moment, these vulns means that plotlywidget is a no-go for us.

Also, I just opened essentially the same issue on plotly/jupyterlab-chart-editor#47, which has identical vuln issues.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Two security vulnerabilities in plotlywidget dependencies: minimist@0.0.8 and static-eval@0.2.4 #2385

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Two security vulnerabilities in plotlywidget dependencies: minimist@0.0.8 and static-eval@0.2.4 #2385

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions