react-native-dropdownalert icon indicating copy to clipboard operation
react-native-dropdownalert copied to clipboard
verified publisher icon testshallpass

Relax `prop-types` to remove `fbjs` direct deps

Open j0k3r opened this issue 3 years ago • 0 comments

The version of fbjs integrated to prop-types@15.5.10 was pretty old (^0.8.9, latest is 3.0.4) and was requiring an old version of isomorphic-fetch (^2.1.1) which integrate node-fetch "^1.0.1" which has 2 CVEs (one low and one high):

  • https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
  • https://github.com/advisories/GHSA-r683-j2x4-v87g

I defined prop-types as ^15.6.2 which is the version where fbjs was removed. https://github.com/facebook/prop-types/blob/main/CHANGELOG.md#1562

j0k3r avatar Jul 25 '22 11:07 j0k3r