Skip to content

fix(deps): update dependency react-router to v6.30.4 [security]#4944

Merged
openshift-merge-bot[bot] merged 1 commit into
mainfrom
renovate/npm-react-router-vulnerability
Jun 25, 2026
Merged

fix(deps): update dependency react-router to v6.30.4 [security]#4944
openshift-merge-bot[bot] merged 1 commit into
mainfrom
renovate/npm-react-router-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Jun 14, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
react-router (source) 6.30.36.30.4 age confidence

React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

CVE-2026-40181 / GHSA-2j2x-hqr9-3h42

More information

Details

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect.

[!NOTE]
This does not impact your React Router application if you are using Declarative Mode (<BrowserRouter>)

Severity

  • CVSS Score: 6.6 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

remix-run/react-router (react-router)

v6.30.4: v6.30.4

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v6/CHANGELOG.md#v6304


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@openshift-ci

openshift-ci Bot commented Jun 14, 2026

Copy link
Copy Markdown

Hi @renovate[bot]. Thanks for your PR.

I'm waiting for a redhat-developer member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@codecov

codecov Bot commented Jun 14, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.77%. Comparing base (50800b9) to head (f08ac47).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4944      +/-   ##
==========================================
- Coverage   55.39%   54.77%   -0.62%     
==========================================
  Files         122      110      -12     
  Lines        2365     2147     -218     
  Branches      564      537      -27     
==========================================
- Hits         1310     1176     -134     
+ Misses       1048      969      -79     
+ Partials        7        2       -5     
Flag Coverage Δ
rhdh 54.77% <ø> (-0.62%) ⬇️

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 50800b9...f08ac47. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from ba3afe5 to 679bcc9 Compare June 15, 2026 04:41
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch 2 times, most recently from 542b205 to cfbd0c3 Compare June 16, 2026 15:35
@github-actions

Copy link
Copy Markdown
Contributor

The container image build workflow finished with status: cancelled.

@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from cfbd0c3 to 1c955aa Compare June 16, 2026 19:42
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 1c955aa to 7d7d0a7 Compare June 18, 2026 14:26
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 7d7d0a7 to dab05f5 Compare June 22, 2026 14:36
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from dab05f5 to e64f008 Compare June 22, 2026 16:12
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from e64f008 to 0eabb2b Compare June 22, 2026 18:30
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 0eabb2b to f14f75f Compare June 22, 2026 19:11
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from f14f75f to cd1eaaa Compare June 22, 2026 19:47
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@albarbaro

Copy link
Copy Markdown
Member

/lgtm

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 19d0f74 to eb86578 Compare June 24, 2026 17:56
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@kim-tsao

Copy link
Copy Markdown
Member

/ok-to-test

@kim-tsao kim-tsao left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label Jun 24, 2026
@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from eb86578 to f1a190a Compare June 24, 2026 18:45
@openshift-ci openshift-ci Bot removed the lgtm label Jun 24, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from f1a190a to 1499659 Compare June 24, 2026 19:48
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 1499659 to 5fcf061 Compare June 24, 2026 20:45
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 5fcf061 to 3cf4f00 Compare June 25, 2026 03:42
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 3cf4f00 to e47c496 Compare June 25, 2026 08:58
@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from e47c496 to 3301a32 Compare June 25, 2026 14:43
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot force-pushed the renovate/npm-react-router-vulnerability branch from 3301a32 to f08ac47 Compare June 25, 2026 14:50
@github-actions

Copy link
Copy Markdown
Contributor

The container image build workflow finished with status: cancelled.

@github-actions

Copy link
Copy Markdown
Contributor

Image was built and published successfully. It is available at:

@kim-tsao

Copy link
Copy Markdown
Member

/lgtm

@openshift-ci openshift-ci Bot added the lgtm label Jun 25, 2026
@openshift-merge-bot openshift-merge-bot Bot merged commit 9524104 into main Jun 25, 2026
20 checks passed
@openshift-merge-bot openshift-merge-bot Bot deleted the renovate/npm-react-router-vulnerability branch June 25, 2026 16:55
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants