Error in Upgrade d3v3.min.js into d3v7 version

For node red deployment process I need latest version of d3 library in my node red project.
currently I am using d3v3.min.js and node red working fine.but when I update or change file to d3v7.min.js node red show following error.
Error in navigator.js file and red.js.

How I Update the d3 library version.

d3 has changed massively (and incompatibly) over its major versions. so unless you also re-write all the Node-RED editor code, updating d3 is not going to work.

why do you actually NEED d3 v7?

I have install Node red from git repo, and in that node red use this d3v3 library internaly.I have not use for my custom code.then how i rewrite node red internal editor code

it is still unclear why you want d3 v7 - can you clarify what you are attempting to do? There may be a different solution or direction.

For ISG Scanning our node red Project Before production deployment.They not allowed deprecated or oldest version of library to deploy on production env.

1 Like

In which case, unless you re-write quite a lot of node-red, you will never have approval.

AFAIK d3 v3 is not a major security risk and a policy such as this "ISG Scanning" means you either have to re-write a lot of node-red code or you dont use node-red (which would be most unfortunate due to the amazing integration possibilities it provides).

I suspect also you will need to change the whole Node-RED project to ESM as well since the "GOT" library is currently pegged at V11.x but there is a newer v12.x release of GOT (that they changed to ESM only)

PS, if you DO implement all these changes, a contribution back to node-red via discussions and eventually PRs would be welcome. Everyone wins :slight_smile:

NOTE: I will move the thread to the #development section of the forum where I believe it belongs.

Just a note to say that this problem is going to occur more and more as Node-RED gets adopted into enterprise environments.

For example, the NHS has a similar rule for production code as will many regulated industries.

This is a hard problem for any complex Node.js (or Python, C++, etc) application to manage. But it is essential for the protection of enterprise environments.

In the NHS, failure to do this can result in quite serious fallout that is managed at a national scale. It can result in cyber security accreditation being lost for example which is a requirement for all NHS organisations and their vendors.

1 Like