Security issue in dependency Use of eval in "node_modules/lottie-web/build/player/lottie.js" is strongly discouraged as it poses security risks and may cause issues with minification. #381
I have an app using react three fiber, which depends on three.js and consequently on three-stdlib.
I'm auditing security and finding this issue in lottie-web, which has not been maintained for a while, and this issue is not fixed even though there are a bunch of PRs from the community. https://github.com/airbnb/lottie-web/issues/2927
I've created an issue in three.js
https://github.com/mrdoob/three.js/issues/29572
but was redirected to this repo.
Please get rid of lottie-web for the next version release. Using eval is a very bad security issue.