For node red deployment process I need latest version of d3 library in my node red project.
currently I am using d3v3.min.js and node red working fine.but when I update or change file to d3v7.min.js node red show following error.
Error in navigator.js file and red.js.
How I Update the d3 library version.
d3 has changed massively (and incompatibly) over its major versions. so unless you also re-write all the Node-RED editor code, updating d3 is not going to work.
why do you actually NEED d3 v7?
I have install Node red from git repo, and in that node red use this d3v3 library internaly.I have not use for my custom code.then how i rewrite node red internal editor code
it is still unclear why you want d3 v7 - can you clarify what you are attempting to do? There may be a different solution or direction.
For ISG Scanning our node red Project Before production deployment.They not allowed deprecated or oldest version of library to deploy on production env.
In which case, unless you re-write quite a lot of node-red, you will never have approval.
AFAIK d3 v3 is not a major security risk and a policy such as this "ISG Scanning" means you either have to re-write a lot of node-red code or you dont use node-red (which would be most unfortunate due to the amazing integration possibilities it provides).
I suspect also you will need to change the whole Node-RED project to ESM as well since the "GOT" library is currently pegged at V11.x but there is a newer v12.x release of GOT (that they changed to ESM only)
PS, if you DO implement all these changes, a contribution back to node-red via discussions and eventually PRs would be welcome. Everyone wins 
NOTE: I will move the thread to the #development section of the forum where I believe it belongs.
Just a note to say that this problem is going to occur more and more as Node-RED gets adopted into enterprise environments.
For example, the NHS has a similar rule for production code as will many regulated industries.
This is a hard problem for any complex Node.js (or Python, C++, etc) application to manage. But it is essential for the protection of enterprise environments.
In the NHS, failure to do this can result in quite serious fallout that is managed at a national scale. It can result in cyber security accreditation being lost for example which is a requirement for all NHS organisations and their vendors.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy
