fix(deps): update dependency react-router to v6.30.4 [security]#4944
Conversation
|
Hi @renovate[bot]. Thanks for your PR. I'm waiting for a redhat-developer member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #4944 +/- ##
==========================================
- Coverage 55.39% 54.77% -0.62%
==========================================
Files 122 110 -12
Lines 2365 2147 -218
Branches 564 537 -27
==========================================
- Hits 1310 1176 -134
+ Misses 1048 969 -79
+ Partials 7 2 -5
Continue to review full report in Codecov by Harness.
🚀 New features to boost your workflow:
|
ba3afe5 to
679bcc9
Compare
542b205 to
cfbd0c3
Compare
|
The container image build workflow finished with status: |
cfbd0c3 to
1c955aa
Compare
1c955aa to
7d7d0a7
Compare
7d7d0a7 to
dab05f5
Compare
dab05f5 to
e64f008
Compare
e64f008 to
0eabb2b
Compare
0eabb2b to
f14f75f
Compare
f14f75f to
cd1eaaa
Compare
|
/lgtm |
19d0f74 to
eb86578
Compare
|
/ok-to-test |
eb86578 to
f1a190a
Compare
f1a190a to
1499659
Compare
1499659 to
5fcf061
Compare
5fcf061 to
3cf4f00
Compare
3cf4f00 to
e47c496
Compare
e47c496 to
3301a32
Compare
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
3301a32 to
f08ac47
Compare
|
The container image build workflow finished with status: |
|
/lgtm |
|



This PR contains the following updates:
6.30.3→6.30.4React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
CVE-2026-40181 / GHSA-2j2x-hqr9-3h42
More information
Details
Certain URLs passed to the
redirectfunction can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning theredirect.Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:UReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
remix-run/react-router (react-router)
v6.30.4: v6.30.4Compare Source
See the changelog for release notes: https://github.com/remix-run/react-router/blob/v6/CHANGELOG.md#v6304
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.