yuriipalam opened a new pull request, #8373: URL: https://github.com/apache/hbase/pull/8373
`esbuild < 0.28.1` is vulnerable to [GHSA-g7r4-m6w7-qqqr](https://github.com/advisories/GHSA-g7r4-m6w7-qqqr) (dev-server path traversal) and is pulled in transitively by Vite, and some other dependencies. The parents can't be bumped to resolve it (Vite 8 is blocked by React Router 7's `vite-node@3` cap). This adds an npm overrides entry forcing `esbuild` to `^0.28.1` across the tree as a temporary workaround until React Router is released with proper Vite 8 support, or adds its support to the current major version, but it's unlikely to happen. I also disabled all the future flags in this PR. They will become defaults in the next React Router 8 release, but for now some of them aren't ready for our "prerendering", aka "static build", strategy. Explicitly disabling them removes the annoying warnings in console. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
