Skip to content

Bumped react-router-dom from 6.30.3 to 6.30.4#4948

Open
ChrisSmithCGI wants to merge 5 commits into
mainfrom
dependency/npm_and_yarn/ui/react_router
Open

Bumped react-router-dom from 6.30.3 to 6.30.4#4948
ChrisSmithCGI wants to merge 5 commits into
mainfrom
dependency/npm_and_yarn/ui/react_router

Conversation

@ChrisSmithCGI

@ChrisSmithCGI ChrisSmithCGI commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Resolves

https://github.com/microsoft/AzureTRE/security/dependabot/372

What is being addressed

Updated react-router-dom from 6.30.3 to 6.30.4 to resolve CVE-2026-40181

@ChrisSmithCGI ChrisSmithCGI requested a review from a team as a code owner July 3, 2026 15:35
Copilot AI review requested due to automatic review settings July 3, 2026 15:35
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

Unit Test Results

241 tests   241 ✅  25s ⏱️
 27 suites    0 💤
  1 files      0 ❌

Results for commit faf936e.

♻️ This comment has been updated with latest results.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the UI’s React Router dependency to address a Dependabot-reported security issue by moving to react-router-dom 6.30.4 and refreshing the npm lockfile entries accordingly.

Changes:

  • Bump react-router-dom from 6.30.3 to 6.30.4 in the UI package manifest.
  • Update package-lock.json to lock react-router-dom/react-router to 6.30.4 (and @remix-run/router to 1.23.3).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 4 comments.

File Description
ui/app/package.json Updates the react-router-dom dependency version spec.
ui/app/package-lock.json Locks updated router-related package versions and reflects the dependency spec change.
Files not reviewed (1)
  • ui/app/package-lock.json: Generated file

Comment thread ui/app/package.json Outdated
Comment thread ui/app/package-lock.json Outdated
Comment thread ui/app/package.json Outdated
Comment thread ui/app/package.json Outdated
@ChrisSmithCGI ChrisSmithCGI added dependencies Pull requests that update a dependency file ui TRE UI labels Jul 3, 2026
ChrisSmithCGI and others added 2 commits July 3, 2026 16:45
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@ChrisSmithCGI ChrisSmithCGI changed the title Bumped react-dom-router from 6.30.3 to 6.30.4 Bumped react-router-dom from 6.30.3 to 6.30.4 Jul 3, 2026
@ChrisSmithCGI

Copy link
Copy Markdown
Collaborator Author

@microsoft-github-policy-service agree company="CGI"

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.

Files not reviewed (1)
  • ui/app/package-lock.json: Generated file

Comment thread ui/app/package.json
Comment thread ui/app/package-lock.json Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.

Files not reviewed (1)
  • ui/app/package-lock.json: Generated file

Comment thread ui/app/package-lock.json
Comment on lines 118 to 123
"resolved": "https://registry.npmjs.org/@azure/msal-browser/-/msal-browser-2.39.0.tgz",
"integrity": "sha512-kks/n2AJzKUk+DBqZhiD+7zeQGBl+WpSOQYzWy6hff3bU0ZrYFqr4keFLlzB5VKuKZog0X59/FGHb1RPBDZLVg==",
"license": "MIT",
"peer": true,
"dependencies": {
"@azure/msal-common": "13.3.3"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file ui TRE UI

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants