Update dependency react-router-dom to v7 by mend-for-github-com[bot] · Pull Request #378 · Vonage-Community/tutorial-interactive_tutorials

Security Report

You have successfully remediated 1 vulnerabilities, but introduced 12 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability	Severity	CVSS Score	Vulnerable Library	Direct Library	Suggested Fix	Issue
CVE-2025-61686 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	Critical	9.1	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` @⁠remix-run/node - 2.17.2,https://github.com/remix-run/react-router.git - react-router@7.9.4,@⁠react-router/node - 7.9.4,react-router - no_fix,@⁠remix-run/deno - 2.17.2	None
CVE-2026-21884 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	8.2	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.12.0	None
CVE-2025-43865 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	8.2	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.5.2	None
CVE-2026-42211 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	8.1	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.14.2	None
CVE-2026-22029 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	8.0	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.12.0	None
CVE-2025-59057 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	7.6	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.9.0	None
CVE-2026-42342 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	7.5	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.15.0	None
CVE-2026-40181 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	7.5	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.14.1	None
CVE-2026-34077 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> react-router-7.0.0.tgz -> ❌ turbo-stream-2.4.0.tgz (Vulnerable Library)	High	7.5	`Transitive` turbo-stream-2.4.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.14.0	None
CVE-2026-34077 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	High	7.5	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.14.0	None
CVE-2026-22030 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	Medium	6.5	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` @⁠remix-run/server-runtime - 2.17.3,react-router - 7.12.0	None
CVE-2025-68470 Path to dependency file: /tutorials/vonage_video_react_app-feature-config/project/package.json Path to vulnerable library: /tutorials/vonage_video_react_app-feature-config/project/package.json Dependency Hierarchy: -> react-router-dom-7.0.0.tgz (Root Library) -> ❌ react-router-7.0.0.tgz (Vulnerable Library)	Medium	6.5	`Transitive` react-router-7.0.0.tgz	react-router-dom-7.0.0.tgz	`Transitive` 7.9.6	None

✔️ Remediated vulnerabilities:

Vulnerability	Vulnerable Library
CVE-2026-40181	react-router-6.30.3.tgz

Base branch total remaining vulnerabilities: 54
Base branch commit: ed160af5a710083aac66041323cf93ae565de54d

Total libraries scanned: 1443

Scan token: 7b5b6aadd7d54656bfe258047e86acc0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency react-router-dom to v7#378

Update dependency react-router-dom to v7#378
mend-for-github-com[bot] wants to merge 1 commit into
mainfrom
whitesource-remediate/react-router-dom-7.x

Uh oh!

Security Report

Re-running checks...