Open jhk0530 opened 3 months ago
@jhk0530 Thanks so much. You are correct that core-js
is no longer required, but I do feel like I should continue to include for anyone on legacy setups. I plan to push 0.6.0
to CRAN this week, but I am worried this might require testing that would delay this release. Over the next couple of weeks, I'll try to
core-js
to core-js-bundle@3.37.1
which unfortunately is 229kb versus previous 85.9kbcore-js
from the default dependencies in the templates but any widgets and inputs built with prior templates will still by default include core-js
. Updated core-js
in step 1 should mean though that everything works.@glin any thoughts or concerns?
@timelyportfolio No concerns, I doubt core-js
is still necessary in >99% of cases. I had also wanted to remove core-js from reactable a few years ago during the IE11 EOL because of its added size, and that it was getting flagged for vulnerabilities (https://github.com/glin/reactable/issues/245#issuecomment-1166363344)
Removing it by default but leaving it in the package to opt into sounds like a good idea.
Hi, thanks for awesome work.
When
reactR
used in Quarto HTML page and commited to github.This will cause security problem like below.
*note, above image says that issue closed (since I changed to not use
reactR
in that code)To reproduce this, use below as contents of
index.qmd
and render with quarto. (Which is example from readme)which is actually works as below
cause this.
to solve this. updating version from 2.5.3 to further version which is not use
grunt-karma
as <=4.0.1 or latest(3.37.1) can be considered.Thanks.