From fc3a0b4d923e8f0ec00f780cbab3268bc1b82301 Mon Sep 17 00:00:00 2001
From: cs_betty
Date: Wed, 3 Jun 2026 21:56:05 +0000
Subject: [PATCH] chore(deps): bump react-router + react-router-dom to 7.16.0 (CAR-1215)

Lockfile-only bump from 7.14.0 -> 7.16.0. The ^7.0.0 range in package.json already permits 7.16.0, so no source changes. Clears three high-severity advisories that block the audit CI gate:
- GHSA-49rj-9fvp-4h2h (turbo-stream arbitrary constructor invocation)
- GHSA-2j2x-hqr9-3h42 (protocol-relative URL open redirect)
- GHSA-8x6r-g9mw-2r78 (DoS via unbounded path expansion)
No runtime behavior change; react-router stays on 7.x. npm audit --audit-level=high exits clean (0 high/critical) locally.
Co-Authored-By: Claude Opus 4.8
---
 package-lock.json | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0464efb..cd39470 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8305,9 +8305,9 @@
 }
 },
 "node_modules/react-router": {
- "version": "7.14.0",
- "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.0.tgz",
- "integrity": "sha512-m/xR9N4LQLmAS0ZhkY2nkPA1N7gQ5TUVa5n8TgANuDTARbn1gt+zLPXEm7W0XDTbrQ2AJSJKhoa6yx1D8BcpxQ==",
+ "version": "7.16.0",
+ "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.16.0.tgz",
+ "integrity": "sha512-wArC8lVyJb3+jM9OpDyW6hLCizACWkvQR/sSGqSs+o5uEXEtGlqdZ4v8hENR3Jad6i+LRkK93q/+bQAcvl6V1A==",
 "license": "MIT",
 "dependencies": {
 "cookie": "^1.0.1",
@@ -8327,12 +8327,12 @@
 }
 },
 "node_modules/react-router-dom": {
- "version": "7.14.0",
- "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.0.tgz",
- "integrity": "sha512-2G3ajSVSZMEtmTjIklRWlNvo8wICEpLihfD/0YMDxbWK2UyP5EGfnoIn9AIQGnF3G/FX0MRbHXdFcD+rL1ZreQ==",
+ "version": "7.16.0",
+ "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.16.0.tgz",
+ "integrity": "sha512-kMUAbimWB5FVbF4Bce4bJsiKJWLIUHq/mEG8+CFDnCSgltptBiG5nguducmsJeGKytlCvQud9Qhzpn49iduTlA==",
 "license": "MIT",
 "dependencies": {
- "react-router": "7.14.0"
+ "react-router": "7.16.0"
 },
 "engines": {
 "node": ">=20.0.0"