From bade4d3c2f0766737a84ddfbda0b711e6a73074b Mon Sep 17 00:00:00 2001 From: BjornMonnens Date: Thu, 15 Jan 2026 15:06:20 +0100 Subject: [PATCH] chore(VENLY-9036) fix react-router-dom XSS vulnerability Update react-router-dom from 6.23.1 to 6.30.3 to fix high severity XSS via Open Redirects vulnerability in @remix-run/router. Co-Authored-By: Claude Opus 4.5 --- connect-sdk/package-lock.json | 29 ++++++++++++++++------------- connect-sdk/package.json | 2 +- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/connect-sdk/package-lock.json b/connect-sdk/package-lock.json index 79257b4..d9ad567 100644 --- a/connect-sdk/package-lock.json +++ b/connect-sdk/package-lock.json @@ -15,7 +15,7 @@ "react-hot-toast": "^2.4.1", "react-loading-skeleton": "^3.4.0", "react-modal": "^3.16.1", - "react-router-dom": "^6.23.1", + "react-router-dom": "^6.30.3", "serve": "^14.2.3" }, "devDependencies": { @@ -1013,9 +1013,10 @@ } }, "node_modules/@remix-run/router": { - "version": "1.16.1", - "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.16.1.tgz", - "integrity": "sha512-es2g3dq6Nb07iFxGk5GuHN20RwBZOsuDQN7izWIisUcv9r+d2C5jQxqmgkdebXgReWfiyUabcki6Fg77mSNrig==", + "version": "1.23.2", + "resolved": "https://registry.npmjs.org/@remix-run/router/-/router-1.23.2.tgz", + "integrity": "sha512-Ic6m2U/rMjTkhERIa/0ZtXJP17QUi2CbWE7cqx4J58M8aA3QTfW+2UlQ4psvTX9IO1RfNVhK3pcpdjej7L+t2w==", + "license": "MIT", "engines": { "node": ">=14.0.0" } @@ -3631,11 +3632,12 @@ } }, "node_modules/react-router": { - "version": "6.23.1", - "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.23.1.tgz", - "integrity": "sha512-fzcOaRF69uvqbbM7OhvQyBTFDVrrGlsFdS3AL+1KfIBtGETibHzi3FkoTRyiDJnWNc2VxrfvR+657ROHjaNjqQ==", + "version": "6.30.3", + "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.30.3.tgz", + "integrity": "sha512-XRnlbKMTmktBkjCLE8/XcZFlnHvr2Ltdr1eJX4idL55/9BbORzyZEaIkBFDhFGCEWBBItsVrDxwx3gnisMitdw==", + "license": "MIT", "dependencies": { - "@remix-run/router": "1.16.1" + "@remix-run/router": "1.23.2" }, "engines": { "node": ">=14.0.0" @@ -3645,12 +3647,13 @@ } }, "node_modules/react-router-dom": { - "version": "6.23.1", - "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.23.1.tgz", - "integrity": "sha512-utP+K+aSTtEdbWpC+4gxhdlPFwuEfDKq8ZrPFU65bbRJY+l706qjR7yaidBpo3MSeA/fzwbXWbKBI6ftOnP3OQ==", + "version": "6.30.3", + "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.30.3.tgz", + "integrity": "sha512-pxPcv1AczD4vso7G4Z3TKcvlxK7g7TNt3/FNGMhfqyntocvYKj+GCatfigGDjbLozC4baguJ0ReCigoDJXb0ag==", + "license": "MIT", "dependencies": { - "@remix-run/router": "1.16.1", - "react-router": "6.23.1" + "@remix-run/router": "1.23.2", + "react-router": "6.30.3" }, "engines": { "node": ">=14.0.0" diff --git a/connect-sdk/package.json b/connect-sdk/package.json index 116afad..3ed17e9 100644 --- a/connect-sdk/package.json +++ b/connect-sdk/package.json @@ -17,7 +17,7 @@ "react-hot-toast": "^2.4.1", "react-loading-skeleton": "^3.4.0", "react-modal": "^3.16.1", - "react-router-dom": "^6.23.1", + "react-router-dom": "^6.30.3", "serve": "^14.2.3" }, "devDependencies": {