Upgrade vis to 5.0.0 to avoid security violation #22765

Closed
wants to merge 1 commit into from


sug-ghosh
Contributor

Vis.js is a dynamic, browser-based visualization library. It is designed to handle large amounts of dynamic data and to enable manipulation of and interaction with the data. The library consists of different components, including Network, Timeline, Graph2d, Graph3d, and DataSet.

Here are a few use cases for each:

* Network: Used for visualizing and interacting with networked structures, like organizational structures or any sort of linked data.
* Timeline: Used for interactive timelines.
* Graph2d: Used for creating 2D graphs.
* Graph3d: Used for creating 3D graphs.
* DataSet: Used for handling and manipulating unstructured data.

Upgraded vis version to 5.0.0.

Description

Additional context and related issues

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

# Section
* Fix some things. ({issue}`issuenumber`)

@cla-bot cla-bot bot added the cla-signed label Jul 23, 2024
@github-actions github-actions bot added the ui Web UI label Jul 23, 2024
@wendigo
Contributor

wendigo commented Jul 23, 2024

This should be upgraded through package.json. This PR is invalid in that regard.

@mosabua
Member

mosabua commented Jul 23, 2024

Only sorta related question @wendigo .. why are those files in git anyway?

@mosabua
Member

mosabua commented Jul 23, 2024

also fyi @colebow and @emilysunaryo

@mosabua
Member

mosabua commented Jul 23, 2024

This is gonna be a bigger task since you will probably have to figure out what dependency specifically must be added .. and maybe we can even get rid of the checked in code in the vendor folder. Also note .. latest version of vis varies across components.

For example https://www.npmjs.com/package/vis-data compared to https://www.npmjs.com/package/vis-network

I think you might need to either add them as declared dependencies in package.json or see from the transitive dependency tree where it is inherited from and upgrade that component.

Also note that the yarn.lock file already points at vis-data 5.0.0 .. so maybe the checked in file in dist should just be deleted and it might be correct then.
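
The check suggested in the comment above (which package in the lockfile pulls in a vis component, and at what resolved version) can be scripted. This is an added example, not code from the pull request or the project: the lockfile excerpt is constructed, `example-graph-widget` is a hypothetical package, and only the subset of the yarn v1 lockfile format used here is parsed.

```javascript
// Added example: trace which yarn.lock (v1 format) entries pull in vis-* packages.
// SAMPLE_LOCK is constructed; "example-graph-widget" is a hypothetical package.
const SAMPLE_LOCK = `# yarn lockfile v1
example-graph-widget@^1.2.0:
  version "1.2.3"
  dependencies:
    vis-data "^5.0.0"

"vis-data@^5.0.0", vis-data@~5.0.0:
  version "5.0.0"
`;

// Parse entry headers, the resolved version and the "dependencies" block.
function parseYarnLock(text) {
  const entries = [];
  let entry = null, inDeps = false;
  for (const line of text.split("\n")) {
    if (!line.trim() || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Header: comma-separated "name@range" specs, optionally quoted, ending in ":".
      const specs = line.replace(/:$/, "").split(",")
        .map((s) => s.trim().replace(/^"|"$/g, ""));
      // Scoped names begin with "@", so the name ends at the last "@".
      const name = specs[0].slice(0, specs[0].lastIndexOf("@"));
      entry = { name, specs, version: null, dependencies: {} };
      entries.push(entry);
      inDeps = false;
    } else if (entry && /^ {2}\S/.test(line)) {
      const [key, value] = line.trim().split(/\s+/, 2);
      inDeps = key === "dependencies:";
      if (key === "version") entry.version = value.replace(/"/g, "");
    } else if (entry && inDeps && /^ {4}\S/.test(line)) {
      const [dep, range] = line.trim().split(/\s+/, 2);
      entry.dependencies[dep.replace(/"/g, "")] = range.replace(/"/g, "");
    }
  }
  return entries;
}

// For each resolved package matching `pattern`, report its version and the
// lockfile entries that request it (an empty list means no entry pulls it in).
function tracePackages(entries, pattern) {
  return entries.filter((e) => pattern.test(e.name)).map((e) => ({
    name: e.name,
    version: e.version,
    requiredBy: entries.filter((p) => e.name in p.dependencies)
      .map((p) => `${p.name}@${p.version} wants ${p.dependencies[e.name]}`),
  }));
}

console.log(JSON.stringify(tracePackages(parseYarnLock(SAMPLE_LOCK), /^vis-/), null, 2));
```

Comparing the reported version against the copy checked in under the vendor folder shows whether the committed file has drifted from what the lockfile resolves.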

@wendigo
Contributor

wendigo commented Jul 24, 2024

@mosabua idk. They were always checked in

@mosabua
Member

mosabua commented Jul 24, 2024

#22785 should resolve this issue.

@wendigo
Contributor

wendigo commented Jul 26, 2024

Replaced by #22831

@wendigo wendigo closed this Jul 26, 2024