While performing security scan of my application I discovered that when I install
panel, it also installs some vulnerable js packages, like
jQuery 3.4.1. It has a known vulnerability CVE-2020-11023. This vulnerability was already fixed in
The jQuery files are located inside panel directory:
# find /opt/conda -name *jquery* /opt/conda/lib/python3.7/site-packages/panel/dist/bundled/plotlyplot/jquery-3.4.1.min.js /opt/conda/lib/python3.7/site-packages/panel/dist/bundled/goldentemplate/jquery-1.11.1.min.js /opt/conda/lib/python3.7/site-packages/panel/dist/bundled/bootstraptemplate/jquery-3.4.1.slim.min.js
Is there a way of controlling versions of js packages required by panel? How could I change them?