Skip to content

Two security vulnerabilities in jupyterlab-ploty dependencies: minimist@0.0.8 and static-eval@0.2.4 #2386

New issue
New issue
Closed
Closed
Two security vulnerabilities in jupyterlab-ploty dependencies: minimist@0.0.8 and static-eval@0.2.4#2386
@telamonian

Description

@telamonian
telamonian
opened on Apr 15, 2020

It's the same issue as #2385 and plotly/jupyterlab-chart-editor#47, and it's about the same vulnerable dependencies:

While trying to install the latest (4.6.0) jupyterlab-ploty, my company's automated procurement system flagged three security issues in two of your dependencies.

minimist@0.0.8
    https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

static-eval@0.2.4
    https://snyk.io/vuln/SNYK-JS-STATICEVAL-173693
    https://snyk.io/vuln/SNYK-JS-STATICEVAL-10826

Could you please update these? For the moment, these vulns means that jupyterlab-ploty is a no-go for us.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions