darenju / react-flip-page

A React.js implementation of the Flipboard page swipe.
MIT License

Security vulnerability for uglifyjs-webpack-plugin/serialize-javascript #136

Closed joefhall closed 4 years ago

joefhall commented 4 years ago

Hello!

Thanks for what looks like a great component.

I've had this security alert when installing via npm -- it looks like uglifyjs-webpack-plugin which uses serialize-javascript needs to be updated as it's vulnerable to Cross-Site Scripting (XSS).

Thanks

darenju commented 4 years ago

Hey, it’s weird I haven’t had a notice from GitHub telling me there was this problem… I will try and solve it myself, thanks for reporting.

joefhall commented 4 years ago

Thanks very much @darenju that's great 👍

darenju commented 4 years ago

Actually the plugin wasn’t even used, and it’s deprecated…

Introduced the use of terser-webpack-plugin, which is its successor. The issue should be fixed in v1.6.1.
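
A defender-side check the report above calls for, added here as an example rather than code from react-flip-page: given a lockfile, which dependency chains actually reach the flagged package, and are those chains dev-only? The lockfile content and version strings are constructed, and `resolveEntry`, `findPaths` and `DIRECT_DEPS` are names chosen for this example.

```javascript
// Added example, not react-flip-page code: walk an npm lockfile (v1 layout with a
// "dependencies"/"requires" tree) and list every chain through which a package such
// as serialize-javascript is reached. All data is constructed; versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "uglifyjs-webpack-plugin": { version: "0.0.0-constructed", dev: true,
      requires: { "serialize-javascript": "^0.0.0" } },
    "serialize-javascript": { version: "0.0.0-constructed", dev: true },
    react: { version: "0.0.0-constructed" },
  },
};
// Direct dependencies normally come from package.json; constructed to match SAMPLE_LOCK.
const DIRECT_DEPS = ["uglifyjs-webpack-plugin", "react"];
// Resolve a name the way node does: innermost nested "dependencies" scope first.
function resolveEntry(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    if (scopes[i][name]) return scopes[i][name];
  }
  return null;
}
// Returns [{ chain, devOnly }] for every path from a direct dependency to `target`;
// lockfile v1 marks packages reachable only via devDependencies with `dev: true`.
function findPaths(lock, directDeps, target) {
  const root = lock.dependencies || {};
  const results = [];
  function walk(name, entry, scopes, chain, devOnly, seen) {
    if (seen.has(name)) return; // cut cycles in the require graph
    const nextChain = chain.concat(name);
    const nextDevOnly = devOnly && entry.dev === true;
    if (name === target) {
      results.push({ chain: nextChain, devOnly: nextDevOnly });
      return;
    }
    const nextScopes = entry.dependencies ? scopes.concat(entry.dependencies) : scopes;
    const nextSeen = new Set(seen).add(name);
    for (const dep of Object.keys(entry.requires || {})) {
      const depEntry = resolveEntry(dep, nextScopes);
      if (depEntry) walk(dep, depEntry, nextScopes, nextChain, nextDevOnly, nextSeen);
    }
  }
  for (const name of directDeps) {
    const entry = resolveEntry(name, [root]);
    if (entry) walk(name, entry, [root], [], true, new Set());
  }
  return results;
}
for (const p of findPaths(SAMPLE_LOCK, DIRECT_DEPS, "serialize-javascript")) {
  console.log(p.chain.join(" > ") + (p.devOnly ? "  (dev-only)" : ""));
}
```

A chain that is dev-only and rooted in a plugin the build never loads is a different exposure from one that ships in `dist/index.js`, which is the distinction the maintainer draws above.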

joefhall commented 4 years ago

Thanks @darenju 👌

darenju commented 4 years ago

@joefhall Can you confirm it is working on your side too?

joefhall commented 4 years ago

Hi @darenju I'm not sure if I'm doing something daft, but when I try to npm install it from GitHub to get your latest changes (e.g. npm install darenju/react-flip-page or npm install --save git+https://git@github.com/darenju/react-flip-page.git) it's not actually installing the package properly in my project, in the node_modules/react-flip-page directory (I only get the CHANGELOG, LICENSE, README and package.json files).

Not sure if there's something I'm doing wrong? Are you waiting to test it before you publish the new version to npm?

darenju commented 4 years ago

For some reason, the tag was not pushed. Now pushing the tag.

However, I think your syntax for installing is wrong. Basically, it should be:

npm install --save react-flip-page

Edit: v1.6.1 has been successfully deployed. I just tried installing it in a dummy project using the command I provided you, and got the 1.6.1 installed. You do not get much after installing, the only file that is actually needed is dist/index.js, as mentioned in the main key of package.json.

joefhall commented 4 years ago

Aha, I see. Because when I tried it before v1.6.1 hadn't been published, I had assumed you wanted me to check it by installing it from the latest code in GitHub instead, because you had made the changes there. I had previously installed it (and would normally) the way you mention above.

I've just installed the new version now and it's looking good -- no security vulnerabilities flagged by npm now.

Thanks for sorting that out. Looking forward to doing more with the flip pages! 📖 ⏩

darenju commented 4 years ago

Awesome! I'm glad it worked.

Closing the issue.