browserify / static-module

convert module usage to inline expressions
MIT License

Remove static-eval, vulnerability issue #58

Closed cgonzalezp91 closed 3 years ago

cgonzalezp91 commented 3 years ago

Hello everyone. Any chance that static-eval can be removed as a dependency, so we can keep using this module without being blocked because of the vulnerability issue that static-eval is facing?

I checked the code and static-eval is not being used, or at least I didn’t find it anywhere.

Thank you

goto-bus-stop commented 3 years ago

static-eval is essential to the operation of this module. The evaluate function is used throughout index.js.

Since the vulnerability report from last month is invalid, I guess you can ignore it?

cgonzalezp91 commented 3 years ago

Sadly, because the vulnerability is still on npm whenever we do the install, the application that blocks this type of package is blocking it. We already did some things to keep using it, but these are just temporary solutions until either it’s fixed or we change the package. Somehow when I looked into the code I didn’t see all the parts where it is being used. Thanks anyway, we will see what we can do.