draftail icon indicating copy to clipboard operation
draftail copied to clipboard
verified publisher icon springload

Update draft-js peer dependency to the latest version

Open chrimesdev opened this issue 3 years ago โ€ข 2 comments

draftail has a peer dependency on draft-js version 0.10.5, the latest version of draft-js is at 0.11.7.

draft-js 0.10.5 has some requirements on an earlier version of node-fetch which currently has a high security vulnerability (https://github.com/advisories/GHSA-r683-j2x4-v87g) and also size which currently has a low security vulnerability (https://github.com/advisories/GHSA-w7rc-rwvf-8q5r)

We've overridden the peer dependencies for draftail to the latest version of draft-js and -everything still seems to be functioning as normal- see comment

It looks like a pull request was started for 0.11.0 when it was in BETA but not completed https://github.com/springload/draftail/pull/186

@zerolab also left a comment here: https://github.com/springload/draftail/pull/186#issuecomment-1141086484

chrimesdev avatar Aug 22 '22 14:08 chrimesdev

Looks like you get this issue https://github.com/springload/draftail/issues/260 if you use anything higher than 0.10.5

Specifically i, j, k in our case

chrimesdev avatar Sep 01 '22 09:09 chrimesdev

Hey @chrimesdev ๐Ÿ‘‹ I believe this is a dupe of #213. Iโ€™ll document how to use overrides to get rid of those warnings, and then close this in favour of #213.

Iโ€™ve researched those two warnings before, as I recall they are transitive dependencies from fbjs, a large polyfill and utility library, and donโ€™t end up being used in Draft.js / Draftail.

The main problem with #186 for context is copy-paste support โ€“ Draft.js v0.11 has very different copy-paste processing, and Iโ€™d need to make sure the implementation is as solid as in v0.10 before merging this.

thibaudcolas avatar Jan 06 '23 11:01 thibaudcolas