Dependencies of G6 causing Operational violations in our product - duplicate

[brishable]

Hello,

We use Antv G6 in our product as a dependency. We scan our product and its dependencies for license, security, and operational violations.

G6 was flagged for an operational violation because it is using two components (polyline-miter-util - version 1.0.1, polyline-normals - version 2.0.2). The latest version of these libraries are being used by G6 but unfortunately these versions were released 7 years ago. As a result of very old releases they are flagged as operational violations.

A clean report from the aforementioned scans for license, security, and operational violations is mandatory for our product's release and hence we are getting affected.

We request you to address the use of these old libraries in G6.

[cliffordfajardo]

@brishable - do you know why those 2 package's (polyline-miter-util - version 1.0.1, polyline-normals - version 2.0.2) are being flagged?

Have you tried reaching out to the creator of those 2 packages?
Maybe you can fork the two packages, make a small pull request and then maybe it might make it easier to see if G6 team can upgrade those packages?