Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Panolens deprecation and security concerns #754

Open
biguz opened this issue Aug 2, 2023 · 1 comment
Open

Panolens deprecation and security concerns #754

biguz opened this issue Aug 2, 2023 · 1 comment
Labels
bug vendor Vendor dependency related

Comments

@biguz
Copy link

biguz commented Aug 2, 2023

I tried to build js code by npm.
My steps:
npm install fluid-player
npm install webpack
Here i got error

npm audit report

three <0.125.0
Severity: high
Denial of service in three - GHSA-fq6p-x6j3-cmmq
fix available via npm audit fix --force
Will install fluid-player@1.0.15, which is a breaking change
node_modules/three
panolens >=0.11.0
Depends on vulnerable versions of three
node_modules/panolens
fluid-player >=3.0.0
Depends on vulnerable versions of panolens
node_modules/fluid-player
3 high severity vulnerabilities

If i try to fix it by npm audit fix --force fluidplayer will rollback to 1.0.15
if i try to build it by npm run build i get error "npm ERR! Missing script: "build""
@leroybm leroybm changed the title Building js with npm trouble Panolens deprecation and security concerns Aug 4, 2023
@leroybm
Copy link
Contributor

leroybm commented Aug 4, 2023

Created an internal task to fix this

@leroybm leroybm added vendor Vendor dependency related and removed needs triage labels Aug 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug vendor Vendor dependency related
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@leroybm @biguz