__Describe the Bug__
Beginning with the current nightly build (30-03-21) we got an error in the Error Log when opening a BPMN (Camunda) diagram.
[diagram_1.bpmn] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".
at new Function (<anonymous>)
at g.I (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/compile/index.js:120:25)
at call (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/compile/resolve.js:54:18)
at call (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/compile/index.js:189:20)
at resolveRef (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/dotjs/ref.js:21:21)
at code (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/dotjs/validate.js:277:36)
at validate (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/dotjs/properties.js:201:25)
at code (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/dotjs/validate.js:374:34)
at validateGenerator (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/compile/index.js:88:21)
at localCompile (webpack:///node_modules/@bpmn-io/json-schema-validator/node_modules/ajv/lib/compile/index.js:55:12) [ error ]
This error may be the result of a plug-in compatibility issue. [ info ]
Disable plug-ins (restarts the app) [ info ]
This is caused due to the fact we compile the Element Templates JSON Schema one time to validate element templates against it (cf. #2159). In production builds, this is indicated as a security issue: https://github.com/ajv-validator/ajv/issues/406
__Steps to Reproduce__
__Expected Behavior__
No Error is visible and the validator works as expected.
__Environment__
One way of solving would be to pre-compile the validator: https://github.com/ajv-validator/ajv/blob/master/docs/standalone.md
This would also reduce the bundle size 馃憤
Since we use ajv@6, we would have to use https://github.com/ajv-validator/ajv-pack I guess (or try to migrate).
Fixed upstream via https://github.com/bpmn-io/bpmn-js-properties-panel/pull/462