
Security issue in dependency Use of eval in "node_modules/lottie-web/build/player/lottie.js" is strongly discouraged as it poses security risks and may cause issues with minification.

Open JustFly1984 opened this issue 1 year ago • 0 comments

I have an app using react three fiber, which depends on three.js and consequently on three-stdlib.

I'm auditing security and finding this issue in lottie-web, which has not been maintained for a while, and this issue is not fixed even though there are a bunch of PRs from the community. https://github.com/airbnb/lottie-web/issues/2927

I've created an issue in three.js

https://github.com/mrdoob/three.js/issues/29572

but was redirected to this repo.

Please get rid of lottie-web for the next version release. Using eval is a very bad security issue.

JustFly1984, Oct 11 '24 07:10