
chore(deps): update dependency @remix-run/react to v2.17.3 [security] #613

Open
renovate[bot] wants to merge 1 commit into main from renovate/npm-remix-run-react-vulnerability


@renovate renovate Bot commented Jan 8, 2026

This PR contains the following updates:

Package | Change
@remix-run/react (source) | 2.16.6 → 2.17.3

React Router has XSS Vulnerability

CVE-2025-59057 / GHSA-3cgp-3xvw-98x8


Details

An XSS vulnerability exists in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag.

[!NOTE]
This does not impact applications using Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).

Severity

  • CVSS Score: 7.6 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


React Router SSR XSS in ScrollRestoration

CVE-2026-21884 / GHSA-8v8x-cx79-35w7


Details

An XSS vulnerability exists in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys.

[!NOTE]
This does not impact applications if developers have disabled server-side rendering in Framework Mode, or if they are using Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).

Severity

  • CVSS Score: 8.2 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

remix-run/remix (@remix-run/react)

v2.17.0



Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
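The class of bug both advisories above describe, untrusted data written into an inline script element during SSR, shown as an added example that is not part of this PR or of React Router's code. The helper names and the sample value are constructed for illustration, and the escaping is a general technique rather than a description of the upstream patch; the same helper applies to a string key embedded in an inline script.

```javascript
// Characters that are legal inside a JSON string but can end or confuse an
// inline <script> element once the JSON is written into server-rendered HTML.
const SCRIPT_UNSAFE = /[<>&\u2028\u2029]/g;
const ESCAPES = {
  "<": "\\u003c",
  ">": "\\u003e",
  "&": "\\u0026",
  "\u2028": "\\u2028",
  "\u2029": "\\u2029",
};

// Serialize a value as JSON that is safe to place inside <script>...</script>.
// The \uXXXX forms are ordinary JSON escapes, so JSON.parse returns the same data.
function jsonForInlineScript(value) {
  return JSON.stringify(value).replace(SCRIPT_UNSAFE, (ch) => ESCAPES[ch]);
}

// Weak form: raw JSON.stringify output is concatenated into the tag.
function renderJsonLdUnsafe(data) {
  return `<script type="application/ld+json">${JSON.stringify(data)}</script>`;
}

// Hardened form: same tag, escaped payload.
function renderJsonLdSafe(data) {
  return `<script type="application/ld+json">${jsonForInlineScript(data)}</script>`;
}

// Count how many script end tags the HTML parser would see in the markup.
function countScriptClosers(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample: a user-controlled field that contains a script end tag.
const untrusted = { "@type": "Person", name: 'Eve </script><b data-x="constructed">' };

const unsafeHtml = renderJsonLdUnsafe(untrusted);
const safeHtml = renderJsonLdSafe(untrusted);

console.log(countScriptClosers(unsafeHtml)); // 2: the element ends early, inside the data
console.log(countScriptClosers(safeHtml));   // 1: only the real closing tag

// Round trip: the escaped JSON still decodes to the original value.
const body = safeHtml.slice(safeHtml.indexOf(">") + 1, safeHtml.lastIndexOf("</script>"));
console.log(JSON.parse(body).name === untrusted.name); // true
```

Upgrading the dependency remains the fix for these advisories; output escaping of this kind is a check to apply to any other place the application writes request-derived data into inline scripts.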

@renovate renovate Bot added dependencies Pull requests that update a dependency file javascript labels Jan 8, 2026
@renovate renovate Bot requested a review from a team as a code owner January 8, 2026 20:53
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Jan 8, 2026
@renovate renovate Bot enabled auto-merge (squash) January 8, 2026 20:53
@renovate renovate Bot added the javascript label Jan 8, 2026

netlify Bot commented Jan 8, 2026

Deploy Preview for remix-edge ready!

Name Link
🔨 Latest commit bb325b6
🔍 Latest deploy log https://app.netlify.com/projects/remix-edge/deploys/69e614e08578e50007ad6deb
😎 Deploy Preview https://deploy-preview-613--remix-edge.netlify.app

To edit notification comments on pull requests, go to your Netlify project configuration.


netlify Bot commented Jan 8, 2026

Deploy Preview for remix-serverless ready!

Name Link
🔨 Latest commit bb325b6
🔍 Latest deploy log https://app.netlify.com/projects/remix-serverless/deploys/69e614e0b017fa0008519ccc
😎 Deploy Preview https://deploy-preview-613--remix-serverless.netlify.app

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions github-actions Bot added the type: chore work needed to keep the product and development running smoothly label Jan 8, 2026
kodiakhq Bot previously approved these changes Jan 8, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 1c2c671 to 50a92d6 Compare January 8, 2026 21:07
@renovate renovate Bot changed the title chore(deps): update dependency @remix-run/react to v2.17.1 [security] chore(deps): update dependency @remix-run/react to v2.17.3 [security] Jan 8, 2026
kodiakhq Bot previously approved these changes Jan 8, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch 2 times, most recently from fcdf9ae to e640eee Compare January 23, 2026 20:54
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from e640eee to a834070 Compare February 2, 2026 22:05
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from a834070 to 2139dcd Compare February 24, 2026 23:35
kodiakhq Bot previously approved these changes Feb 24, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 2139dcd to 3b6b0db Compare February 24, 2026 23:50
kodiakhq Bot previously approved these changes Feb 24, 2026
serhalp previously approved these changes Feb 25, 2026
@renovate renovate Bot dismissed stale reviews from serhalp and kodiakhq[bot] via f315b23 March 5, 2026 20:26
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from dbdd29f to f315b23 Compare March 5, 2026 20:26
kodiakhq Bot previously approved these changes Mar 5, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from f315b23 to 922ee75 Compare March 6, 2026 19:16
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from f2d5964 to d287e05 Compare March 13, 2026 14:17
kodiakhq Bot previously approved these changes Mar 13, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from d287e05 to 3c825b5 Compare March 23, 2026 06:33
kodiakhq Bot previously approved these changes Mar 23, 2026
@renovate renovate Bot changed the title chore(deps): update dependency @remix-run/react to v2.17.3 [security] chore(deps): update dependency @remix-run/react to v2.17.3 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
auto-merge was automatically disabled March 27, 2026 02:47

Pull request was closed

@renovate renovate Bot deleted the renovate/npm-remix-run-react-vulnerability branch March 27, 2026 02:47
@renovate renovate Bot changed the title chore(deps): update dependency @remix-run/react to v2.17.3 [security] - autoclosed chore(deps): update dependency @remix-run/react to v2.17.3 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 88e0c62 to 3c825b5 Compare March 30, 2026 18:54
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 3c825b5 to 88e0c62 Compare March 30, 2026 18:55
kodiakhq Bot previously approved these changes Mar 30, 2026
@renovate renovate Bot enabled auto-merge (squash) April 1, 2026 15:47
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 88e0c62 to 88d75b6 Compare April 1, 2026 15:47
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 88d75b6 to d55867a Compare April 6, 2026 10:41
kodiakhq Bot previously approved these changes Apr 6, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from d55867a to d454e01 Compare April 6, 2026 18:48
kodiakhq Bot previously approved these changes Apr 6, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from d454e01 to e853375 Compare April 8, 2026 17:26
kodiakhq Bot previously approved these changes Apr 8, 2026
@renovate renovate Bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from e853375 to bb325b6 Compare April 20, 2026 11:58

Labels

dependencies Pull requests that update a dependency file javascript type: chore work needed to keep the product and development running smoothly
