Open nealpatel645 opened 1 year ago
When installing the latest version (2.6.0), it installs version 2.14.0 of plotly.js which has an indirect vulnerability: https://github.com/plotly/plotly.js/issues/6333
It looks like even latest version of plotly.js still uses d3-interpolate which depends on vulnerable d3-color.
When installing the latest version (2.6.0), it installs version 2.14.0 of plotly.js which has an indirect vulnerability: https://github.com/plotly/plotly.js/issues/6333
It looks like even latest version of plotly.js still uses d3-interpolate which depends on vulnerable d3-color.