Relax `prop-types` to remove `fbjs` direct deps - Githubissues

testshallpass / react-native-dropdownalert

An alert to notify users about an error or something else

MIT License

1.85k stars 252 forks source link

Relax `prop-types` to remove `fbjs` direct deps #285

Closed j0k3r closed 11 months ago

j0k3r commented 1 year ago

The version of fbjs integrated to prop-types@15.5.10 was pretty old (^0.8.9, latest is 3.0.4) and was requiring an old version of isomorphic-fetch (^2.1.1) which integrate node-fetch "^1.0.1" which has 2 CVEs (one low and one high):

I defined prop-types as ^15.6.2 which is the version where fbjs was removed. https://github.com/facebook/prop-types/blob/main/CHANGELOG.md#1562

testshallpass commented 11 months ago

Closing as I removed prop-types as a dependency in v5.0.0.