When installing the latest version (2.6.0), it installs version 2.14.0 of plotly.js which has an indirect vulnerability: plotly/plotly.js#6333
It looks like even latest version of plotly.js still uses d3-interpolate which depends on vulnerable d3-color.
When installing the latest version (2.6.0), it installs version 2.14.0 of plotly.js which has an indirect vulnerability: plotly/plotly.js#6333
It looks like even latest version of plotly.js still uses d3-interpolate which depends on vulnerable d3-color.