For node red deployment process I need latest version of d3 library in my node red project.
currently I am using d3v3.min.js and node red working fine.but when I update or change file to d3v7.min.js node red show following error.
Error in navigator.js file and red.js.
d3 has changed massively (and incompatibly) over its major versions. so unless you also re-write all the Node-RED editor code, updating d3 is not going to work.
I have install Node red from git repo, and in that node red use this d3v3 library internaly.I have not use for my custom code.then how i rewrite node red internal editor code
For ISG Scanning our node red Project Before production deployment.They not allowed deprecated or oldest version of library to deploy on production env.
In which case, unless you re-write quite a lot of node-red, you will never have approval.
AFAIK d3 v3 is not a major security risk and a policy such as this "ISG Scanning" means you either have to re-write a lot of node-red code or you dont use node-red (which would be most unfortunate due to the amazing integration possibilities it provides).
I suspect also you will need to change the whole Node-RED project to ESM as well since the "GOT" library is currently pegged at V11.x but there is a newer v12.x release of GOT (that they changed to ESM only)
PS, if you DO implement all these changes, a contribution back to node-red via discussions and eventually PRs would be welcome. Everyone wins
NOTE: I will move the thread to the #development section of the forum where I believe it belongs.
Just a note to say that this problem is going to occur more and more as Node-RED gets adopted into enterprise environments.
For example, the NHS has a similar rule for production code as will many regulated industries.
This is a hard problem for any complex Node.js (or Python, C++, etc) application to manage. But it is essential for the protection of enterprise environments.
In the NHS, failure to do this can result in quite serious fallout that is managed at a national scale. It can result in cyber security accreditation being lost for example which is a requirement for all NHS organisations and their vendors.