Skip to content

chore(deps): update dependency @react-router/node to v7.9.4 [security]#543

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-react-router-node-vulnerability
Open

chore(deps): update dependency @react-router/node to v7.9.4 [security]#543
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-react-router-node-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 8, 2026

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@react-router/node (source) 7.4.17.9.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-61686

If applications use createFileSessionStorage() from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files.

Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information.


Release Notes

remix-run/react-router (@​react-router/node)

v7.9.4

Compare Source

Patch Changes
  • Validate format of incoming session ids (#​14426)
  • Updated dependencies:
    • react-router@7.9.4

v7.9.3

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.9.3

v7.9.2

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.9.2

v7.9.1

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.9.1

v7.9.0

Compare Source

Minor Changes
Patch Changes
  • Updated dependencies:
    • react-router@7.9.0

v7.8.2

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.8.2

v7.8.1

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.8.1

v7.8.0

Compare Source

Patch Changes
  • [UNSTABLE] Change getLoadContext signature (type GetLoadContextFunction) when future.unstable_middleware is enabled so that it returns an unstable_RouterContextProvider instance instead of a Map used to contruct the instance internally (#​14097)

    • This also removes the type unstable_InitialContext export
    • ⚠️ This is a breaking change if you have adopted middleware and are using a custom server with a getLoadContext function
  • Updated dependencies:

    • react-router@7.8.0

v7.7.1

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.7.1

v7.7.0

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.7.0

v7.6.3

Compare Source

Patch Changes
  • Remove old "install" package exports (#​13762)
  • Updated dependencies:
    • react-router@7.6.3

v7.6.2

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.6.2

v7.6.1

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.6.1

v7.6.0

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.6.0

v7.5.3

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.5.3

v7.5.2

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.5.2

v7.5.1

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.5.1

v7.5.0

Compare Source

Patch Changes
  • Updated dependencies:
    • react-router@7.5.0

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jan 8, 2026

Deploying homepage with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3732e5d
Status: ✅  Deploy successful!
Preview URL: https://17b13425.homepage-dl3.pages.dev
Branch Preview URL: https://renovate-npm-react-router-no.homepage-dl3.pages.dev

View logs

@netlify
Copy link

netlify bot commented Jan 8, 2026

Deploy Preview for vektorprogrammet-homepage ready!

Name Link
🔨 Latest commit 3732e5d
🔍 Latest deploy log https://app.netlify.com/projects/vektorprogrammet-homepage/deploys/699c8e7238d9e000079dff72
😎 Deploy Preview https://deploy-preview-543--vektorprogrammet-homepage.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse
1 paths audited
Performance: 84
Accessibility: 69
Best Practices: 83
SEO: 86
PWA: 60
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@renovate renovate bot force-pushed the renovate/npm-react-router-node-vulnerability branch 2 times, most recently from 551024e to 9eb2236 Compare January 29, 2026 17:51
@renovate renovate bot force-pushed the renovate/npm-react-router-node-vulnerability branch from 9eb2236 to 1ae0bae Compare February 12, 2026 09:59
@renovate renovate bot force-pushed the renovate/npm-react-router-node-vulnerability branch 2 times, most recently from eefab30 to 7e3cd28 Compare February 23, 2026 16:29
@renovate renovate bot force-pushed the renovate/npm-react-router-node-vulnerability branch from 7e3cd28 to 3732e5d Compare February 23, 2026 17:29
@sonarqubecloud
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants