Skip to content

chore(deps): update dependency @remix-run/server-runtime to v2.17.3 [security]#618

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-remix-run-server-runtime-vulnerability
Open

chore(deps): update dependency @remix-run/server-runtime to v2.17.3 [security]#618
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-remix-run-server-runtime-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Jan 8, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@remix-run/server-runtime (source) 2.16.62.17.3 age confidence

GitHub Vulnerability Alerts

CVE-2026-22030

React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes.

Note

This does not impact applications that use Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>).

Severity
  • CVSS Score: 6.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Release Notes

remix-run/remix (@​remix-run/server-runtime)

v2.17.0

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jan 8, 2026
@renovate renovate bot requested a review from a team as a code owner January 8, 2026 21:08
@renovate renovate bot added the javascript label Jan 8, 2026
@renovate renovate bot enabled auto-merge (squash) January 8, 2026 21:08
@netlify
Copy link
Copy Markdown

netlify bot commented Jan 8, 2026
edited
Loading

Deploy Preview for remix-edge ready!

Name Link
🔨 Latest commit 4f574c8
🔍 Latest deploy log https://app.netlify.com/projects/remix-edge/deploys/69e614ec6464fb0008bec492
😎 Deploy Preview https://deploy-preview-618--remix-edge.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link
Copy Markdown

netlify bot commented Jan 8, 2026
edited
Loading

Deploy Preview for remix-serverless ready!

Name Link
🔨 Latest commit 4f574c8
🔍 Latest deploy log https://app.netlify.com/projects/remix-serverless/deploys/69e614ec50da930008032727
😎 Deploy Preview https://deploy-preview-618--remix-serverless.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions github-actions bot added the type: chore work needed to keep the product and development running smoothly label Jan 8, 2026
kodiakhq[bot]
kodiakhq bot previously approved these changes Jan 8, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch 2 times, most recently from f7e931e to d99e911 Compare January 23, 2026 20:54
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from d99e911 to eb445cc Compare February 2, 2026 22:05
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from eb445cc to 15bb4ad Compare February 24, 2026 23:50
kodiakhq[bot]
kodiakhq bot previously approved these changes Feb 24, 2026
View reviewed changes
serhalp
serhalp previously approved these changes Feb 25, 2026
View reviewed changes
@renovate renovate bot dismissed stale reviews from kodiakhq[bot] and serhalp via 859678c March 6, 2026 13:22
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from 073e7c9 to 859678c Compare March 6, 2026 13:22
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 6, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from 859678c to cc2bd29 Compare March 6, 2026 19:16
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 6, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from cc2bd29 to a0c4119 Compare March 9, 2026 16:12
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 9, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from a0c4119 to 27c5436 Compare March 13, 2026 11:34
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 13, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from 27c5436 to 381238e Compare March 23, 2026 06:33
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 23, 2026
View reviewed changes
@renovate renovate bot changed the title chore(deps): update dependency @remix-run/server-runtime to v2.17.3 [security] chore(deps): update dependency @remix-run/server-runtime to v2.17.3 [security] - autoclosed Mar 27, 2026
@renovate renovate bot closed this Mar 27, 2026
auto-merge was automatically disabled March 27, 2026 02:47

Pull request was closed

@renovate renovate bot deleted the renovate/npm-remix-run-server-runtime-vulnerability branch March 27, 2026 02:47
@renovate renovate bot changed the title chore(deps): update dependency @remix-run/server-runtime to v2.17.3 [security] - autoclosed chore(deps): update dependency @remix-run/server-runtime to v2.17.3 [security] Mar 30, 2026
@renovate renovate bot reopened this Mar 30, 2026
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from fc4f71c to 381238e Compare March 30, 2026 18:55
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from 381238e to fc4f71c Compare March 30, 2026 18:55
kodiakhq[bot]
kodiakhq bot previously approved these changes Mar 30, 2026
View reviewed changes
@renovate renovate bot enabled auto-merge (squash) April 1, 2026 15:47
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from fc4f71c to 966f2c6 Compare April 1, 2026 15:47
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from 966f2c6 to da39832 Compare April 8, 2026 17:26
kodiakhq[bot]
kodiakhq bot previously approved these changes Apr 8, 2026
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-remix-run-server-runtime-vulnerability branch from da39832 to 4f574c8 Compare April 20, 2026 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kodiakhq kodiakhq[bot] kodiakhq[bot] approved these changes

@serhalp serhalp serhalp left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript type: chore work needed to keep the product and development running smoothly

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@serhalp