How to Handle CSP ‘unsafe-eval’ Issue in an Old Project?

I’m working on an old react project where we are encountering a Content Security Policy (CSP) warning about using ‘unsafe-eval’. Here’s the specific message:

Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’. This issue has been flagged because ‘unsafe-eval’ is not recommended due to security risks.

Unfortunately, this is an old codebase with several instances of eval() that I can’t refactor at this moment. Completely removing eval() from the code isn’t feasible in the short term due to the complexity and potential for introducing bugs.

I’m aware that using ‘unsafe-eval’ opens up security vulnerabilities, but given my current situation, are there any alternative ways to address this CSP issue while still keeping eval() in use temporarily?

Here are a few specific questions:

Can I restrict ‘unsafe-eval’ to only certain scripts or parts of the site?
Are there any security mitigations I can put in place to reduce the risk of ‘unsafe-eval’ in the meantime?
Any suggestions for gradually transitioning away from eval() without breaking the old code?
Any help or insights would be greatly appreciated!

i tired to remove ‘unsafe-eval’ from CSP header then my project stop working