openclaw/hermes-agent
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

fix(deps): bump react-router-dom to 7.17.0 (GHSA-8x6r-g9mw-2r78)

Browse Source 
Clears the npm-audit React Router advisory CVE-2026-42342 in the web
and apps/desktop workspaces by bumping react-router-dom 7.14.x -> ^7.17.0
(patched in 7.15.0; both react-router and react-router-dom now resolve
to 7.17.0 in the root lockfile).

Note: the advisory's DoS only affects React Router *Framework Mode*
(the __manifest server endpoint). Both workspaces use Declarative Mode
(web: <BrowserRouter>, desktop: <HashRouter>) as pure client-side SPAs,
so we were never actually exploitable -- this is audit-hygiene only.

npm audit --omit=dev: 0 vulnerabilities. Web + desktop + ui-tui builds
and tsc typecheck all green on 7.17.0.
This commit is contained in:
Ben
2026-06-05 09:27:02 +10:00
committed by Teknium
parent 7f016f5f33
commit 46c16b9288
3 changed files with 24 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/desktop/package.json
View File

@ -84,7 +84,7 @@
"react": "^19.2.5",
"react-arborist": "^3.5.0",
"react-dom": "^19.2.5",
"react-router-dom": "^7.14.2",
"react-router-dom": "^7.17.0",
"react-shiki": "^0.9.3",
"remark-math": "^6.0.0",
"shiki": "^4.0.2",

70
package-lock.json generated
View File

@ -100,7 +100,7 @@
"react": "^19.2.5",
"react-arborist": "^3.5.0",
"react-dom": "^19.2.5",
"react-router-dom": "^7.14.2",
"react-router-dom": "^7.17.0",
"react-shiki": "^0.9.3",
"remark-math": "^6.0.0",
"shiki": "^4.0.2",
@ -10188,6 +10188,19 @@
"node": "^12.20.0 || ^14.13.1 || >=16.0.0"
}
},
"node_modules/cookie": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
"integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
"license": "MIT",
"engines": {
"node": ">=18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/core-util-is": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
@ -17785,9 +17798,9 @@
}
},
"node_modules/react-router": {
"version": "7.14.2",
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.14.2.tgz",
"integrity": "sha512-yCqNne6I8IB6rVCH7XUvlBK7/QKyqypBFGv+8dj4QBFJiiRX+FG7/nkdAvGElyvVZ/HQP5N19wzteuTARXi5Gw==",
"version": "7.17.0",
"resolved": "https://registry.npmjs.org/react-router/-/react-router-7.17.0.tgz",
"integrity": "sha512-FDELK7rTMlCHO5+reyXsPlmfr7N1F91lPHsWYfMEGQm/KQ+F4JFM8jGoeQDmDvdTs93Fw9aSilH+uKRb4/jXvQ==",
"license": "MIT",
"dependencies": {
"cookie": "^1.0.1",
@ -17807,12 +17820,12 @@
}
},
"node_modules/react-router-dom": {
"version": "7.14.2",
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.14.2.tgz",
"integrity": "sha512-YZcM5ES8jJSM+KrJ9BdvHHqlnGTg5tH3sC5ChFRj4inosKctdyzBDhOyyHdGk597q2OT6NTrCA1OvB/YDwfekQ==",
"version": "7.17.0",
"resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.17.0.tgz",
"integrity": "sha512-fyU2yjGups/hE6Xz0I5ZYbVL8Gx29eCjgpHaRaTaVU+OOAdfRX05KsvyRm0GO8YQwOkhpU3MurW1jyMUJn+zSw==",
"license": "MIT",
"dependencies": {
"react-router": "7.14.2"
"react-router": "7.17.0"
},
"engines": {
"node": ">=20.0.0"
@ -17822,19 +17835,6 @@
"react-dom": ">=18"
}
},
"node_modules/react-router/node_modules/cookie": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
"integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
"license": "MIT",
"engines": {
"node": ">=18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/react-shiki": {
"version": "0.9.3",
"resolved": "https://registry.npmjs.org/react-shiki/-/react-shiki-0.9.3.tgz",
@ -19701,7 +19701,6 @@
"os": [
"aix"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19718,7 +19717,6 @@
"os": [
"android"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19735,7 +19733,6 @@
"os": [
"android"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19752,7 +19749,6 @@
"os": [
"android"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19769,7 +19765,6 @@
"os": [
"darwin"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19786,7 +19781,6 @@
"os": [
"darwin"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19803,7 +19797,6 @@
"os": [
"freebsd"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19820,7 +19813,6 @@
"os": [
"freebsd"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19837,7 +19829,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19854,7 +19845,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19871,7 +19861,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19888,7 +19877,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19905,7 +19893,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19922,7 +19909,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19939,7 +19925,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19956,7 +19941,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19973,7 +19957,6 @@
"os": [
"linux"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -19990,7 +19973,6 @@
"os": [
"netbsd"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20007,7 +19989,6 @@
"os": [
"netbsd"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20024,7 +20005,6 @@
"os": [
"openbsd"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20041,7 +20021,6 @@
"os": [
"openbsd"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20058,7 +20037,6 @@
"os": [
"openharmony"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20075,7 +20053,6 @@
"os": [
"sunos"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20092,7 +20069,6 @@
"os": [
"win32"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20109,7 +20085,6 @@
"os": [
"win32"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -20126,7 +20101,6 @@
"os": [
"win32"
],
"peer": true,
"engines": {
"node": ">=18"
}
@ -22172,7 +22146,7 @@
"qrcode": "^1.5.4",
"react": "^19.2.4",
"react-dom": "^19.2.4",
"react-router-dom": "^7.14.1",
"react-router-dom": "^7.17.0",
"tailwind-merge": "^3.5.0",
"tailwindcss": "^4.2.1",
"unicode-animations": "^1.0.3"

2
web/package.json
View File

@ -28,7 +28,7 @@
"qrcode": "^1.5.4",
"react": "^19.2.4",
"react-dom": "^19.2.4",
"react-router-dom": "^7.14.1",
"react-router-dom": "^7.17.0",
"tailwind-merge": "^3.5.0",
"tailwindcss": "^4.2.1",
"unicode-animations": "^1.0.3"