Stein Setvik

We're seeing this as well. It broke our automated elastic beanstalk deployments via Github Actions. Issue I think is that the latest 3 versions of Pyrsistent were yanked (https://pypi.org/project/pyrsistent/#history), but...

Haven't dug into the code deep enough yet, but chatGPT suggested the following template for an approach to replacing `new Function(...)`: "One way to eliminate the new Function call and...

The two functions that call tryConvertExpr are: ```javascript function createSizeSetHandler(name, exprFunc) { return function (renderer) { // PENDING viewport size or window size var dpr = renderer.getDevicePixelRatio(); // PENDING If...

Took a shot at a PR, tested locally to ensure it produces the exact same output / results as the existing tryConvertExpr function.

Ditto. This is a security issue and blocker for us.

Update: the code is actually in a dependency of echarts-gl, claygl. The insecure code is here: https://github.com/pissang/claygl/blob/master/src/createCompositor.js#L294 Related issue in that repository is here: https://github.com/pissang/claygl/issues/133

+1 for @igalklebanov 's suggestion to support an array of table references: ``` db.updateTable(['person', 'pet']) .set({ 'person.status': 'Cat lady', 'pet.owner_id': uuid, }) .where('person.id', '=', uuid) .where('pet.owner_id', 'is', null) .where('pet.species', '=',...

Would be really valuable

Alternatively, is it possible to remove the need for inline styles, i.e. so that we don't need to put "unsafe-inline" in the "style-src" CSP directive?