Change p5 dependency version to minimum 1.4.1 #318

Closed
taliacotton opened this issue Feb 16, 2024 Discussed in #317 · 9 comments · Fixed by #319
Labels: dependencies, enhancement, good first issue

Comments

@taliacotton

Discussed in #317

Originally posted by taliacotton February 15, 2024
I've noticed the component depends on a specific version of p5 (as of right now I see 1.9.0). I was wondering if there's a way to control which version of p5 it uses. The reason for this is that there are certain features of p5 in prior versions, so I'm wondering if it's possible to downgrade the version. Thanks!

```json
// package-lock.json
    "node_modules/@p5-wrapper/react": {
      "version": "4.3.2",
      "resolved": "https://registry.npmjs.org/@p5-wrapper/react/-/react-4.3.2.tgz",
      "integrity": "sha512-m7MoL63grVVyu39czEi3V3tz29VM4zzd4K9MjNWZ5t7jb4itgHpw6FCiSG2JzU1SqElKgo9ny8NliavPWYYdrw==",
      "dependencies": {
        "microdiff": "^1.3.2",
        "p5": "^1.9.0"
      },
      "peerDependencies": {
        "react": ">= 18.2.0",
        "react-dom": ">= 18.2.0"
      }
    },
```

@jamesrweb
Collaborator

What specifically is 1.9 missing that you need from 1.4? The main point is security updates; lowering the version would open the package and consumers of the package up to CVEs which are patched in the latest versions.

@taliacotton
Author

Makes total sense. There are a couple bugs in the current p5 version that you can see here and here, which they've flagged. As a temporary fix since I'm working on a time-sensitive project that depends on that update, I was hoping to revert back to an older version of p5... but I'm unable to do that too 😅 Hence my request.
Thank you!

@jamesrweb
Collaborator

I see your comments in those threads. Indeed these are issues, but do the suggested workarounds, such as pixel density, not work for your needs? If not, I'll consider making p5 a peer dependency, but that would entail a new major release since it would disrupt existing user installs, and the other aforementioned topics would need to be documented and so on too.

@taliacotton
Author

I appreciate that, and I wouldn't be asking if I didn't try a dozen other things first, including all of their workaround suggestions and then some. Totally understand treating it as a major release. Thought I'd try!

@jamesrweb
Collaborator

jamesrweb commented Feb 16, 2024

Give me this evening (it's 8pm in Germany right now) to think about it; you'll know my decision by the morning (German time) 😜

CC @yevdyko

@taliacotton
Author

omg💖

@yevdyko
Collaborator

yevdyko commented Feb 16, 2024

@jamesrweb I left some suggestions in the Discussions thread on how to avoid using a peer dependency

yevdyko self-assigned this on Feb 17, 2024

@jamesrweb
Collaborator

Version 4.3.3 is now released and you should be able to request that version of p5 now @taliacotton. Let us know if it works for you or not and we can either close this issue or work on a fix then.

CC @yevdyko

jamesrweb added the enhancement, dependencies and good first issue labels on Feb 19, 2024
jamesrweb linked a pull request on Feb 19, 2024 that will close this issue

@jamesrweb
Collaborator

Closing issue due to inactivity, @taliacotton - please comment here again if you have any issues with the latest deployed version and I can reopen this issue again. Otherwise I hope your problem is solved and good luck with your project 🍀😊
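
Added example, not part of the thread or of the project's code: a lockfile audit for the trade-off discussed above, where a wider p5 range lets consumers pick older releases. It lists every installed copy of p5 in a lockfile's `packages` map, including nested copies, and flags any below a floor; the 1.4.1 floor is taken from the issue title as an assumed policy value, and the sample lockfile is constructed.

```javascript
// MIN_P5 is an assumed policy floor taken from the issue title; it is not a
// known security boundary for p5. Set it to the oldest release you accept.
const MIN_P5 = "1.4.1";

// Parse "major.minor.patch" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison, so that 1.10.0 sorts after 1.9.0 (string compare would not).
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// One record per installed copy of `name` in a lockfileVersion 2/3 "packages"
// map, including nested copies under another package's node_modules.
function auditPackage(lock, name, floor) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith(`/${suffix}`))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      belowFloor: compareVersions(meta.version, floor) < 0,
    }));
}

// Constructed sample: the wrapper entry mirrors the one quoted in the issue;
// both p5 entries and their versions are made up for illustration.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@p5-wrapper/react": { version: "4.3.2", dependencies: { p5: "^1.9.0" } },
    "node_modules/p5": { version: "1.3.0" },
    "node_modules/@p5-wrapper/react/node_modules/p5": { version: "1.9.0" },
  },
};

for (const hit of auditPackage(sampleLock, "p5", MIN_P5)) {
  console.log(`${hit.belowFloor ? "FLAG" : "ok  "} ${hit.path} -> ${hit.version}`);
}
```

In the constructed sample the application's own p5 is older than the wrapper's `^1.9.0` range, so npm keeps a second, nested copy for the wrapper; the audit reports both and flags only the top-level one.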
