fix(http-user-agent): remove eval in favor of CSP compliant browser detection

[tdeekens]

Summary

This relates to #479 and closes #479.

The browser detection was previously performed using a new Function which breaks harder CSP rules. Side note: jQuery also used new Function to parse JSON for a long time.

Detecting the browser can be done in a mirage of ways. Often using an eval or new Function statement. There are also packages like global-or-window which return the Node.JS global or the window. Something we don't specifically need.

The new check is aligned with what we do at DOMPurify. Where we also had an issue filed around the same issue here.

[emmenko]

Awesome, thanks!!! ❤️🙏

[wizzy25]

🥇

[wizzy25]

Unit tests aren't passing

[tdeekens]

Unit tests aren't passing

Already on it.

[codecov]

Codecov Report

Merging #480 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #480      +/-   ##
==========================================
+ Coverage   98.57%   98.57%   +<.01%     
==========================================
  Files          85       85              
  Lines        1899     1900       +1     
  Branches      463      464       +1     
==========================================
+ Hits         1872     1873       +1     
  Misses         24       24              
  Partials        3        3

Impacted Files	Coverage Δ
packages/http-user-agent/src/create-user-agent.js	100% <100%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ac1460f...26e7992. Read the comment docs.