[Lottie Animations] The component is using an outdated version of the JavaScript library
lottie-animations
Forge asset by Pedro Oliveira
Application Type: Reactive

Hello,
The component is using a GitHub/JavaScript lib version which has been outdated for 4 years.
In general it would not be that big of a problem, but the current version it's using has some security issues related to it, which have been fixed over time in newer versions.
(https://github.com/airbnb/lottie-web/blob/master/CHANGELOG.md)

The security findings are related to the use of an antipattern vulnerable to XSS attacks.
One example:

Is it possible to update the Forge component to use the newer GitHub version? Those vulnerabilities are all fixed when using the newer version.

In the meantime we'll clone the component and fix it ourselves while waiting for a Forge update (or you can also add me to the team and I'll help with the Forge component).

Greetings,
Niels F.
