Skip to content

chore(deps): update dependency @remix-run/react to v2.17.3 [security]#613

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-remix-run-react-vulnerability
Open

chore(deps): update dependency @remix-run/react to v2.17.3 [security]#613
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-remix-run-react-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 8, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@remix-run/react (source) 2.16.62.17.3 age confidence

GitHub Vulnerability Alerts

CVE-2025-59057

A XSS vulnerability exists in in React Router's meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag.

Note

This does not impact applications using Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).

CVE-2026-21884

A XSS vulnerability exists in in React Router's <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys.

Note

This does not impact applications if developers have disabled server-side rendering in Framework Mode, or if they are using Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).

Release Notes

remix-run/remix (@​remix-run/react)

v2.17.0

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Pull requests that update a dependency file javascript labels Jan 8, 2026
@renovate renovate bot requested a review from a team as a code owner January 8, 2026 20:53
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jan 8, 2026
@renovate renovate bot enabled auto-merge (squash) January 8, 2026 20:53
@renovate renovate bot added the javascript label Jan 8, 2026
@netlify
Copy link

netlify bot commented Jan 8, 2026
edited
Loading

Deploy Preview for remix-edge ready!

Name Link
🔨 Latest commit d287e05
🔍 Latest deploy log https://app.netlify.com/projects/remix-edge/deploys/69b41c8a389583000825ad9d
😎 Deploy Preview https://deploy-preview-613--remix-edge.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Jan 8, 2026
edited
Loading

Deploy Preview for remix-serverless ready!

Name Link
🔨 Latest commit d287e05
🔍 Latest deploy log https://app.netlify.com/projects/remix-serverless/deploys/69b41c8a41b4ca000752acae
😎 Deploy Preview https://deploy-preview-613--remix-serverless.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions github-actions bot added the type: chore work needed to keep the product and development running smoothly label Jan 8, 2026
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 8, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 1c2c671 to 50a92d6 Compare January 8, 2026 21:07
@renovate renovate bot changed the title chore(deps): update dependency @remix-run/react to v2.17.1 [security] chore(deps): update dependency @remix-run/react to v2.17.3 [security] Jan 8, 2026
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 8, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch 2 times, most recently from fcdf9ae to e640eee Compare January 23, 2026 20:54
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from e640eee to a834070 Compare February 2, 2026 22:05
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from a834070 to 2139dcd Compare February 24, 2026 23:35
kodiakhq[bot]
kodiakhq bot previously approved these changes Feb 24, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 2139dcd to 3b6b0db Compare February 24, 2026 23:50
kodiakhq[bot]
kodiakhq bot previously approved these changes Feb 24, 2026
View reviewed changes
serhalp
serhalp previously approved these changes Feb 25, 2026
View reviewed changes
@renovate renovate bot dismissed stale reviews from serhalp and kodiakhq[bot] via f315b23 March 5, 2026 20:26
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from dbdd29f to f315b23 Compare March 5, 2026 20:26
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 5, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from f315b23 to 922ee75 Compare March 6, 2026 19:16
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 6, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from 922ee75 to bde6867 Compare March 9, 2026 12:59
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 9, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from bde6867 to c0aa951 Compare March 9, 2026 16:11
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 9, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from c0aa951 to f2d5964 Compare March 13, 2026 11:34
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 13, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-react-vulnerability branch from f2d5964 to d287e05 Compare March 13, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kodiakhq kodiakhq[bot] kodiakhq[bot] approved these changes

@serhalp serhalp serhalp left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript type: chore work needed to keep the product and development running smoothly

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@serhalp