fix: Updated axios min version and moved it to peer dependency

[rililive]

The gitignore is just a common boilerplate for JS projects. Moving axios to a peerDependency also allows consumers to keep it up to date. There was a recent, critical vulnerability discovered in the previous version, so this update resolve any security concerns.

Axios also has a default export that acts as a singleton, so having multiple versions installed can create bugs that are hard to track down. The peer dependency usage makes this easier to prevent by having one version and only one singleton that defaults get applied to.

[hungdev]

@rililive please remove package-lock.json

[rililive]

I can remove the package-lock if you like, but best practice is to commit it in git. It keeps versions consistent so that all consumers get the same versions.

[rililive]

For example npm ci uses the package-lock in ci/cd workflows to ensure versions are consistent with your local/testing environment

[rililive]

Why? The package-lock is important for maintaining consistent versioning across environments.

…

On Tue, May 17, 2022, 9:24 AM Hung Vu ***@***.***> wrote: @rililive <https://github.com/rililive> please remove package-lock.json — Reply to this email directly, view it on GitHub <#112 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AKT6B75ZMUOC4W4K3DSTFBLVKOTYLANCNFSM5V5VP66Q> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[hungdev]

Hi @rililive
I don't think we should put it in lib, because when you install it, lib can use existing axios in your app, and then we don't care about consistent versioning. Besides it is a special case, some people use yarn instead of npm.