Security issue in dependency Use of eval in "node_modules/lottie-web/build/player/lottie.js" is strongly discouraged as it poses security risks and may cause issues with minification.

[JustFly1984]

I have an app using react three fiber, which depends on three.js and consequently on three-stdlib.

I'm auditing security and finding this issue in lottie-web, which is not maintained for a while, and this issue is not fixes even if there is a bunch of PR's from community. airbnb/lottie-web#2927

I've created an issue in three.js

mrdoob/three.js#29572

but was redirected to this repo.

Please get rid of lottie-web for next version release. using eval is very bad security issue.

[m-heyda]

any news? Issue still persist I guess

[TymonZ]

any news?

[joaomelorodrigues]

Looking for this too!

[github-actions]

🎉 This issue has been resolved in version 2.35.15 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀