Update dependencies fbjs@1.0.0 -> core-js@2.6.11

yaodingyd / react-flickity-component

A React.js component for using @desandro's Flickity

314 stars 51 forks source link

Update dependencies fbjs@1.0.0 -> core-js@2.6.11 #102

Closed titch-ane closed 3 years ago

titch-ane commented 4 years ago

my-project@1.0.0
├── core-js@3.6.5 
└─┬ react-flickity-component@3.5.0
  └─┬ fbjs@1.0.0
    └── core-js@2.6.11

npm WARN deprecated core-js@2.6.11: core-js@<3 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js@3.

as you can see, fbjs 1.0.0 (Sep 18, 2018) related to core-js 2, but fbjs v2.0.0 (Sep 23, 2019) released. maybe it's time to update the dependencies?

McGern commented 3 years ago

I am also seeing a vulnerability with the FBJS version. Was wondering about a different solution. Given that the FBJS library is only being used for canUseDom and also given the relative simplicity of the method, can it be put into the library and remove the dependency from FBJS?

This is the canUseDom check from the library

const canUseDOM = !!( typeof window !== 'undefined' && window.document && window.document.createElement );

theolampert commented 3 years ago

Thanks @McGern I've just dropped this in rather than including that library