chore(deps): update dependency react-router to v6.30.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
react-router (source)	6.25.1 → 6.30.2

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2025-68470

An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if developers pass untrusted content into navigation paths in their application code.

---

Release Notes

remix-run/react-router (react-router)

v6.30.2: v6.30.2

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v6/CHANGELOG.md#v6302

v6.30.1: v6.30.1

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6301

v6.30.0: v6.30.0

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6300

v6.29.0: v6.29.0

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6290

v6.28.2: v6.28.2

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6282

v6.28.1: v6.28.1

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v6281

v6.28.0

Compare Source

Minor Changes

• • Log deprecation warnings for v7 flags (#​11750)
  • Add deprecation warnings to json/defer in favor of returning raw objects
    • These methods will be removed in React Router v7

Patch Changes

• Update JSDoc URLs for new website structure (add /v6/ segment) (#​12141)
• Updated dependencies:
  • @remix-run/[email protected]

v6.27.0

Compare Source

Minor Changes

• Stabilize unstable_patchRoutesOnNavigation (#​11973)
  • Add new PatchRoutesOnNavigationFunctionArgs type for convenience (#​11967)
• Stabilize unstable_dataStrategy (#​11974)
• Stabilize the unstable_flushSync option for navigations and fetchers (#​11989)
• Stabilize the unstable_viewTransition option for navigations and the corresponding unstable_useViewTransitionState hook (#​11989)

Patch Changes

• Fix bug when submitting to the current contextual route (parent route with an index child) when an ?index param already exists from a prior submission (#​12003)

• Fix useFormAction bug - when removing ?index param it would not keep other non-Remix index params (#​12003)

• Fix types for RouteObject within PatchRoutesOnNavigationFunction's patch method so it doesn't expect agnostic route objects passed to patch (#​11967)

• Updated dependencies:

  • @remix-run/[email protected]

v6.26.2

Compare Source

Patch Changes

• Updated dependencies:
  • @remix-run/[email protected]

v6.26.1

Compare Source

Patch Changes

• Rename unstable_patchRoutesOnMiss to unstable_patchRoutesOnNavigation to match new behavior (#​11888)
• Updated dependencies:
  • @remix-run/[email protected]

v6.26.0

Compare Source

Minor Changes

• Add a new replace(url, init?) alternative to redirect(url, init?) that performs a history.replaceState instead of a history.pushState on client-side navigation redirects (#​11811)

Patch Changes

• Fix initial hydration behavior when using future.v7_partialHydration along with unstable_patchRoutesOnMiss (#​11838)
  • During initial hydration, router.state.matches will now include any partial matches so that we can render ancestor HydrateFallback components
• Updated dependencies:
  • @remix-run/[email protected]

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 069a9c8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

🤖 Nx Cloud AI Fix Eligible

An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.

_{To disable these notifications, a workspace admin can disable them in workspace settings.}

---

View your CI Pipeline Execution ↗ for commit 069a9c8

Command	Status	Duration	Result
nx affected --targets=test:sherif,test:knip,tes...	❌ Failed	2m 38s	View ↗
nx run-many --target=build --exclude=examples/*...	❌ Failed	1m 29s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-01-09 10:17:18 UTC