Skip to content

VULN UPGRADE: minor upgrades — 12 packages (minor: 2 · patch: 10) [web-frontend]#232

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/npm/web-frontend/0-1773078461
Mar 18, 2026
Merged

VULN UPGRADE: minor upgrades — 12 packages (minor: 2 · patch: 10) [web-frontend]#232
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/npm/web-frontend/0-1773078461

Conversation

@campaigner-prod

Copy link
Copy Markdown
Contributor

Summary: High-severity security update — 12 packages upgraded (MINOR changes included)

Manifests changed:

  • web-frontend (npm)

Updates

Package From To Type Vulnerabilities Fixed
react-router 7.8.1 7.13.1 minor 6 HIGH, 4 MODERATE
vite 7.0.5 7.0.8 patch 2 MODERATE, 4 LOW
@vitejs/plugin-react 4.6.0 4.7.0 minor -
@mui/icons-material 7.3.1 7.3.8 patch -
@mui/material 7.3.1 7.3.8 patch -
@tailwindcss/vite 4.1.12 4.1.18 patch -
@types/react 19.1.8 19.1.17 patch -
@types/react-dom 19.1.6 19.1.11 patch -
eslint-plugin-react-refresh 0.4.20 0.4.26 patch -
react 19.1.0 19.1.5 patch -
react-dom 19.1.0 19.1.5 patch -
tailwindcss 4.1.12 4.1.18 patch -

Packages marked with "-" are updated due to dependency constraints.


Security Details

🚨 Critical & High Severity (6 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
react-router GHSA-2w69-qvjg-hvjx HIGH React Router vulnerable to XSS via Open Redirects 7.8.1 7.12.0
react-router CVE-2026-22029 HIGH React Router vulnerable to XSS via Open Redirects 7.8.1 -
react-router GHSA-3cgp-3xvw-98x8 HIGH React Router has XSS Vulnerability 7.8.1 7.9.0
react-router CVE-2025-59057 HIGH React Router has XSS Vulnerability 7.8.1 -
react-router GHSA-8v8x-cx79-35w7 HIGH React Router SSR XSS in ScrollRestoration 7.8.1 7.12.0
react-router CVE-2026-21884 HIGH React Router SSR XSS in ScrollRestoration 7.8.1 -
ℹ️ Other Vulnerabilities (10)
Package CVE Severity Summary Unsafe Version Fixed In
react-router GHSA-h5cw-625j-3rxh MODERATE React Router has CSRF issue in Action/Server Action Request Processing 7.8.1 7.12.0
react-router CVE-2025-68470 MODERATE React Router has unexpected external redirect via untrusted paths 7.8.1 -
react-router GHSA-9jcx-v3wj-wh4m MODERATE React Router has unexpected external redirect via untrusted paths 7.8.1 6.30.2
react-router CVE-2026-22030 MODERATE React Router has CSRF issue in Action/Server Action Request Processing 7.8.1 -
vite GHSA-93m4-6634-74q7 MODERATE vite allows server.fs.deny bypass via backslash on Windows 7.0.5 7.1.11
vite CVE-2025-62522 MODERATE vite allows server.fs.deny bypass via backslash on Windows 7.0.5 -
vite GHSA-g4jq-h2w9-997c LOW Vite middleware may serve files starting with the same name with the public directory 7.0.5 7.1.5
vite CVE-2025-58751 LOW Vite middleware may serve files starting with the same name with the public directory 7.0.5 -
vite GHSA-jqfw-vq24-v9c3 LOW Vite's server.fs settings were not applied to HTML files 7.0.5 7.1.5
vite CVE-2025-58752 LOW Vite's server.fs settings were not applied to HTML files 7.0.5 -

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@scottgerring scottgerring marked this pull request as ready for review March 18, 2026 08:28
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit becb1fa into main Mar 18, 2026
12 of 13 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the engraver-auto-version-upgrade/minorpatch/npm/web-frontend/0-1773078461 branch March 18, 2026 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant