react-app-polyfill demands exact version of all dependencies

Created by: J-Keating

Describe the bug

react-app-polyfill has pinned dependencies (no '~' or '^') which makes it difficult for consumers to minimize package duplication. (Especially with core-js.)

Steps to reproduce

1. Create a new app which has a dependency on react-app-polyfill
2. Leverage another dependency which happens to use some version of 'core-js'
3. Build using a webpack duplicate package checker plugin such as https://github.com/darrenscerri/duplicate-package-checker-webpack-plugin.

Alternatively:

1. Create new react component to be used by a downstream app (partner team).
2. Use react-app-polyfill in your component. Publish the component.
3. Note that your component now has a pinned dependency on 'core-js'
4. Downstream partner team uses the webpack duplicate package checker plugin (https://github.com/darrenscerri/duplicate-package-checker-webpack-plugin).
5. Downstream partner attempts to integrate your component, but their build fails because react-app-polyfill insists on a specific (potentially older) version of core-js than they are using. Error such as:

Multiple versions of core-js found: 2.5.7 D:\Code\...\core-js\2.5.7/~/core-js from D:\Code\...\react-app-polyfill\0.1.1/~/react-app-polyfill\ie11.js 2.6.10 D:\Code\...\core-js\2.6.10/~/core-js from D:\Code\...\blah\blah\blah.js

Expected behavior

I might be missing something, but I would expect that react-app-polyfill is loosely coupled to 'core-js', so should be using '~' or '^'. This would allow downstream consumers to collapse dependencies, assuming they provide a compatible version.

Reproducible demo

I didn't make one, but I can if it will be helpful.