facebook / prop-types

Runtime type checking for React props and similar objects
MIT License
4.48k stars, 356 forks

Remove fbjs dependency #194

Closed gaearon closed 6 years ago

gaearon commented 6 years ago

See reasons in https://github.com/facebook/react/pull/13069. This PR is complementary.

I chose to inline a simplified version of warning in two files where we use it, and to replace invariant calls with new Error. In case somebody relies on Invariant Violation being the name (e.g. in tests), I inlined .name assignments to match the invariant logic.

Without this PR, fbjs would stay a transitive dep of React.

MariaDima commented 6 years ago

Can someone please make a release, so that all modules that depend on prop-types can get the vulnerability fix?

gaearon commented 6 years ago

  1. This PR was released as 15.6.2.
  2. There's no (and has never been) a vulnerability in prop-types. Even if some transitive dependency of fbjs had a vulnerability at some point, prop-types only uses functions in fbjs that have no transitive dependencies.
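
Added example, not code from this PR or from prop-types: a small triage helper that separates "the flagged package is installed through a dependency chain" from "a file of the flagged package is actually loaded", which is the distinction drawn in the comment above. Both graphs are constructed sample data, and `flagged-lib` and `fbjs/lib/other.js` are hypothetical names.

```javascript
// Constructed sample data: NOT the real dependency lists of these packages.
// 'flagged-lib' and 'fbjs/lib/other.js' are hypothetical names.
const packageDeps = {
  app: ['react'],
  react: ['prop-types'],
  'prop-types': ['fbjs'],
  fbjs: ['flagged-lib'],
  'flagged-lib': [],
};

// Constructed require graph: file -> files it requires at load time.
const moduleRequires = {
  'prop-types/index.js': ['fbjs/lib/invariant.js', 'fbjs/lib/warning.js'],
  'fbjs/lib/invariant.js': [],
  'fbjs/lib/warning.js': [],
  'fbjs/lib/other.js': ['flagged-lib/index.js'],
  'flagged-lib/index.js': [],
};

// Depth-first search returning every simple path from `start` to a node
// accepted by `isTarget`. Cycles are skipped by checking the current path.
function findPaths(graph, start, isTarget, path = [start]) {
  const found = isTarget(start) && path.length > 1 ? [path] : [];
  for (const next of graph[start] || []) {
    if (path.includes(next)) continue;
    found.push(...findPaths(graph, next, isTarget, [...path, next]));
  }
  return found;
}

// Why is `pkg` installed? Every dependency chain from the root package.
function installChains(deps, root, pkg) {
  return findPaths(deps, root, (n) => n === pkg).map((p) => p.join(' > '));
}

// Is any file of `pkg` actually loaded when `entry` is required?
function loadChains(requires, entry, pkg) {
  return findPaths(requires, entry, (f) => f.startsWith(pkg + '/'))
    .map((p) => p.join(' > '));
}

// The dependency map after dropping one edge, e.g. prop-types -> fbjs.
function withoutDep(deps, pkg, dep) {
  return { ...deps, [pkg]: deps[pkg].filter((d) => d !== dep) };
}

console.log(installChains(packageDeps, 'app', 'flagged-lib'));
console.log(loadChains(moduleRequires, 'prop-types/index.js', 'flagged-lib'));
console.log(installChains(withoutDep(packageDeps, 'prop-types', 'fbjs'), 'app', 'fbjs'));
```

On this sample the first call reports one install chain, the second reports no load chain, and the third shows the chain to fbjs disappearing once the prop-types edge is removed.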

ljharb commented 6 years ago

@gaearon could you push all the git tags up for the releases? It seems that most of them (including the latest) are missing.

gaearon commented 6 years ago

Pushed a tag for the latest release.