microsoft / eslint-plugin-sdl

ESLint Plugin focused on common security issues and misconfigurations.
MIT License

Rule "react/jsx-no-target-blank" is using out-of-date version of dependency "eslint-plugin-react" #28

Open leapful opened 2 years ago

leapful commented 2 years ago

Describe the bug

ESLint validation for rule "react/jsx-no-target-blank" is always invalid with error "Schema error: should NOT have additional properties" because new configuration properties are not aligned with "eslint-plugin-react"

The new configuration:

https://github.com/microsoft/eslint-plugin-sdl/blob/3c0603cef6f5237dab09832268c5f9707c84386c/config/react.js#L18-L26

It has been updated in an enhancement PR https://github.com/microsoft/eslint-plugin-sdl/pull/26

CC @A-Katopodis @Vflouirac

But version "7.24.0" of "eslint-plugin-react" in the PR above only has 3 properties:

(screenshot: Screen Shot 2022-03-01 at 18 11 55)

To Reproduce

Steps to reproduce the behavior:

  1. Open any JavaScript or TypeScript project using ESLint with the WebStorm IDE
  2. Install dependency "@microsoft/eslint-plugin-sdl"
  3. Add "plugin:@microsoft/sdl/react" to "extends" of ".eslintrc.js" or ".eslintrc.json"
  4. Open any JavaScript or TypeScript file and see error "Schema error: should NOT have additional properties"

Expected behavior

ESLint is executed without any error.

Screenshots

(screenshot: Screen Shot 2022-03-01 at 18 08 08)
jason-ha commented 2 years ago

eslint-plugin-react@7.24.0 is fairly stale. It does not have eslint 8.x support but more recent version @7.30.1 does. Looks like dependency should be updated.

AndrewCraswell commented 1 year ago

This should definitely be updated, but maybe the eslint-plugin-react should become a peer dependency. The issue is when we use this package, we're locked into using eslint-plugin-react version 7.24.0. Our project needs to enable additional rules from this plugin, and we need a newer version. The way we achieve that is to use custom resolutions in the package.json, which is really not great. Especially since other projects depend on our lint rules -- now anyone who wants to consume our config needs to add similar resolutions.