fix: CVE-2023-45133 (#7988)

* Upgrade @babel/* versions to 7.24 to ensure non-vulnerable Babel versions
* Pinning React version to 18.2.0 exactly, avoiding test-utils type version clashes
* Fix warning message on yarn start
* Moving react to peer dependencies
* Moving app dependencies from workspace into app
* Bump vitest to 1.6.0 to fix history.test.tsx breaking

---------

Signed-off-by: Mark Tolmacs <[email protected]>

dev-docs/package.json

@@ -23,8 +23,8 @@
     "clsx": "^1.2.1",
     "docusaurus-plugin-sass": "0.2.3",
     "prism-react-renderer": "^1.3.5",
-    "react": "^17.0.2",
-    "react-dom": "^17.0.2",
+    "react": "18.2.0",
+    "react-dom": "18.2.0",
     "sass": "1.57.1"
   },
   "devDependencies": {

examples/excalidraw/with-nextjs/package.json

@@ -13,13 +13,13 @@
   "dependencies": {
     "@excalidraw/excalidraw": "*",
     "next": "14.1",
-    "react": "^18",
-    "react-dom": "^18"
+    "react": "18.2.0",
+    "react-dom": "18.2.0"
   },
   "devDependencies": {
     "@types/node": "^20",
-    "@types/react": "^18",
-    "@types/react-dom": "^18",
+    "@types/react": "18.2.0",
+    "@types/react-dom": "18.2.0",
     "path2d-polyfill": "2.0.1",
     "typescript": "^5"
   }

excalidraw-app/package.json

@@ -26,7 +26,17 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "vite-plugin-html": "3.2.2"
+    "firebase": "8.3.3",
+    "idb-keyval": "6.0.3",
+    "jotai": "1.13.1",
+    "react": "18.2.0",
+    "react-dom": "18.2.0",
+    "vite-plugin-html": "3.2.2",
+    "@excalidraw/random-username": "1.0.0",
+    "@sentry/browser": "6.2.5",
+    "@sentry/integrations": "6.2.5",
+    "i18next-browser-languagedetector": "6.1.4",
+    "socket.io-client": "4.7.2"
   },
   "prettier": "@excalidraw/prettier-config",
   "scripts": {

package.json

@@ -9,19 +9,8 @@
     "examples/excalidraw",
     "examples/excalidraw/*"
   ],
-  "dependencies": {
-    "@excalidraw/random-username": "1.0.0",
-    "@sentry/browser": "6.2.5",
-    "@sentry/integrations": "6.2.5",
-    "firebase": "8.3.3",
-    "i18next-browser-languagedetector": "6.1.4",
-    "idb-keyval": "6.0.3",
-    "jotai": "1.13.1",
-    "react": "18.2.0",
-    "react-dom": "18.2.0",
-    "socket.io-client": "4.7.2"
-  },
   "devDependencies": {
+    "@babel/plugin-proposal-private-property-in-object": "7.21.11",
     "@excalidraw/eslint-config": "1.0.3",
     "@excalidraw/prettier-config": "1.0.2",
     "@types/chai": "4.3.0",
@@ -51,7 +40,7 @@
     "vite-plugin-ejs": "1.7.0",
     "vite-plugin-pwa": "0.17.4",
     "vite-plugin-svgr": "2.4.0",
-    "vitest": "1.5.3",
+    "vitest": "1.6.0",
     "vitest-canvas-mock": "0.3.2"
   },
   "engines": {
@@ -88,5 +77,8 @@
     "prerelease:excalidraw": "node scripts/prerelease.js",
     "build:preview": "yarn build && vite preview --port 5000",
     "release:excalidraw": "node scripts/release.js"
+  },
+  "resolutions": {
+    "@types/react": "18.2.0"
   }
 }

packages/excalidraw/package.json

@@ -87,14 +87,14 @@
     "tunnel-rat": "0.1.2"
   },
   "devDependencies": {
-    "@babel/core": "7.18.9",
-    "@babel/plugin-transform-arrow-functions": "7.18.6",
-    "@babel/plugin-transform-async-to-generator": "7.18.6",
-    "@babel/plugin-transform-runtime": "7.18.9",
-    "@babel/plugin-transform-typescript": "7.18.8",
-    "@babel/preset-env": "7.18.6",
-    "@babel/preset-react": "7.18.6",
-    "@babel/preset-typescript": "7.18.6",
+    "@babel/core": "7.24.5",
+    "@babel/plugin-transform-arrow-functions": "7.24.1",
+    "@babel/plugin-transform-async-to-generator": "7.24.1",
+    "@babel/plugin-transform-runtime": "7.24.3",
+    "@babel/plugin-transform-typescript": "7.24.5",
+    "@babel/preset-env": "7.24.5",
+    "@babel/preset-react": "7.24.1",
+    "@babel/preset-typescript": "7.24.1",
     "@size-limit/preset-big-lib": "9.0.0",
     "@testing-library/jest-dom": "5.16.2",
     "@testing-library/react": "12.1.5",
@@ -115,8 +115,6 @@
     "import-meta-loader": "1.1.0",
     "mini-css-extract-plugin": "2.6.1",
     "postcss-loader": "7.0.1",
-    "react": "18.2.0",
-    "react-dom": "18.2.0",
     "sass-loader": "13.0.2",
     "size-limit": "9.0.0",
     "style-loader": "3.3.3",

packages/utils/package.json

@@ -55,13 +55,13 @@
     "roughjs": "4.6.4"
   },
   "devDependencies": {
-    "@babel/core": "7.18.9",
-    "@babel/plugin-transform-arrow-functions": "7.18.6",
-    "@babel/plugin-transform-async-to-generator": "7.18.6",
-    "@babel/plugin-transform-runtime": "7.18.6",
-    "@babel/plugin-transform-typescript": "7.18.8",
-    "@babel/preset-env": "7.18.9",
-    "@babel/preset-typescript": "7.18.6",
+    "@babel/core": "7.24.5",
+    "@babel/plugin-transform-arrow-functions": "7.24.1",
+    "@babel/plugin-transform-async-to-generator": "7.24.1",
+    "@babel/plugin-transform-runtime": "7.24.3",
+    "@babel/plugin-transform-typescript": "7.24.5",
+    "@babel/preset-env": "7.24.5",
+    "@babel/preset-typescript": "7.24.1",
     "babel-loader": "8.2.5",
     "babel-plugin-transform-class-properties": "6.24.1",
     "cross-env": "7.0.3",