A bug on secured sites: please upgrade dependency zip.js to version 2.7.0 or higher #11526
Comments
ramtob
changed the title
|
Hi there, thanks for reporting this! We have a specific version of zip.js pinned for compatibility reasons: #10712. I'll add your report to that issue to keep conversation in one place. |
|
@ggetz Thanks. I will follow the other issue about zip.js. |
|
@ggetz PS do you have any time estimate when this issue may be resolved in Cesium? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
General
The recent versions of cesium contain an indirect bug because of using a dependency with a bug.
This can be fixed by using a more up-to-date version of that dependency.
The nature of the bug:
The dependency (@zip.js/zip.js) in older (before 2.6.70) versions comes with a "tests' folder.
The tests folder contains an encrypted archive (tests/data/lorem-encrypted.zip)
A secured site that I am working with does not allow direct access to the internet.
The secured site allows importing from npm, and from other open code sources.
But the secured site does not allow any encrypted archives within the imported packages, because such archives cannot be scanned.
The result is that the secured site does not allow importation of cesium from npm.
The requested fix
In later versions (about ~ 2.6.70) the "tests" folder was removed from the installation of zip.js.
Which also removed the problematic archive file.
So the solution is to use more up-to-date versions of @zip.js/zip.js
File https://github.com/CesiumGS/cesium/blob/main/packages/engine/package.json contains the line.
"dependencies": {
...
"@zip.js/zip.js": "2.4.x",
This should be changed to
"dependencies": {
...
"@zip.js/zip.js": "2.7.x",
That is @zip.js/zip.js version 2.7.0 or above.
TIA
The text was updated successfully, but these errors were encountered: