
Commit 0600744

chore(deps): bump react-router-dom to ^7.15.0 (fixes 4 HIGH react-router CVEs)
Trivy flagged react-router 7.13.0 (transitive via react-router-dom) with 4 HIGH CVEs: CVE-2026-33245 (XSS in RSC redirect), -34077 (DoS), -42211 (turbo-stream arbitrary constructor), -42342 (DoS via unbounded path expansion). All fixed by <=7.15.0; bumping the floor resolves react-router to 7.17.0, clearing all four. Validated: frontend typecheck clean, 13 vitest tests pass, build succeeds. Dependency bump only, no code changes.
1 parent 7a29b89 commit 0600744

2 files changed

Lines changed: 4 additions & 4 deletions

frontend/bun.lock

Lines changed: 3 additions & 3 deletions

frontend/package.json

Lines changed: 1 addition & 1 deletion
@@ -45,7 +45,7 @@
4545
"next-themes": "^0.4.6",
4646
"react": "^18.2.0",
4747
"react-dom": "^18.2.0",
48-
"react-router-dom": "^7.12.0",
48+
"react-router-dom": "^7.15.0",
4949
"react-syntax-highlighter": "^16.1.0",
5050
"sigma": "^3.0.2",
5151
"sonner": "^2.0.7",
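
Review bot: The new range on line 48, "react-router-dom": "^7.15.0", constrains only react-router-dom, while the commit message says the flagged package is react-router, pulled in transitively, so package.json by itself states no minimum for the package that carries the fixes. The version actually installed is decided by frontend/bun.lock, whose 3-line change is not rendered here; the previous floor of ^7.12.0 next to a flagged 7.13.0 shows that the lockfile, not this range, determines exposure. Please confirm in bun.lock that react-router itself resolves to a fixed version, and consider adding an explicit overrides entry for react-router in package.json so the floor is visible in review and survives a lockfile regeneration. A Trivy re-scan of the updated lockfile would also be worth recording next to the typecheck, test and build results.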
