From ffb2a31cc42b7ad2aa7ed3d593d9b18cf4e8bba7 Mon Sep 17 00:00:00 2001 From: callums Date: Wed, 29 Apr 2026 16:42:17 +0300 Subject: [PATCH] fix(react-start-rsc): bump @vitejs/plugin-rsc to ^0.5.23 (GHSA-v457-wxvj-p9w9) Versions <=0.5.22 vendored a vulnerable react-server-dom-webpack (GHSA-v457-wxvj-p9w9). 0.5.23 is the upstream-recommended fix. --- e2e/react-start/rsc-query/package.json | 2 +- e2e/react-start/rsc/package.json | 2 +- examples/react/start-rscs/package.json | 2 +- packages/react-start-rsc/package.json | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/e2e/react-start/rsc-query/package.json b/e2e/react-start/rsc-query/package.json index 9704ef52754..0f561361f90 100644 --- a/e2e/react-start/rsc-query/package.json +++ b/e2e/react-start/rsc-query/package.json @@ -28,7 +28,7 @@ "@types/react": "^19.0.8", "@types/react-dom": "^19.0.3", "@vitejs/plugin-react": "^6.0.1", - "@vitejs/plugin-rsc": "^0.5.20", + "@vitejs/plugin-rsc": "^0.5.23", "srvx": "^0.10.0", "typescript": "^5.7.2", "vite": "^8.0.0" diff --git a/e2e/react-start/rsc/package.json b/e2e/react-start/rsc/package.json index 39becac1fc1..c05fca80877 100644 --- a/e2e/react-start/rsc/package.json +++ b/e2e/react-start/rsc/package.json @@ -44,7 +44,7 @@ "@types/react-dom": "^19.0.3", "@typescript-eslint/parser": "^8.23.0", "@vitejs/plugin-react": "^6.0.1", - "@vitejs/plugin-rsc": "^0.5.20", + "@vitejs/plugin-rsc": "^0.5.23", "eslint": "^9.22.0", "srvx": "^0.10.0", "typescript": "^5.7.2", diff --git a/examples/react/start-rscs/package.json b/examples/react/start-rscs/package.json index f83bd115aae..e9953e0c980 100644 --- a/examples/react/start-rscs/package.json +++ b/examples/react/start-rscs/package.json @@ -26,7 +26,7 @@ "@types/react": "^19.2.2", "@types/react-dom": "^19.2.2", "@vitejs/plugin-react": "^6.0.1", - "@vitejs/plugin-rsc": "^0.5.20", + "@vitejs/plugin-rsc": "^0.5.23", "nitro": "npm:nitro-nightly@latest", "tailwindcss": "^4.1.18", "typescript": "^5.7.2", diff --git a/packages/react-start-rsc/package.json b/packages/react-start-rsc/package.json index 40ece345ceb..abba4474a1b 100644 --- a/packages/react-start-rsc/package.json +++ b/packages/react-start-rsc/package.json @@ -106,12 +106,12 @@ "@rspack/core": "2.0.0", "@testing-library/react": "^16.2.0", "@vitejs/plugin-react": "^4.3.4", - "@vitejs/plugin-rsc": "^0.5.20", + "@vitejs/plugin-rsc": "^0.5.23", "react-server-dom-rspack": "^0.0.2" }, "peerDependencies": { "@rspack/core": ">=2.0.0-0", - "@vitejs/plugin-rsc": ">=0.5.20", + "@vitejs/plugin-rsc": ">=0.5.23", "react": ">=18.0.0 || >=19.0.0", "react-dom": ">=18.0.0 || >=19.0.0", "react-server-dom-rspack": ">=0.0.2"