fix(deps): update dependency react-router to v6.30.4 [security] by renovate[bot] · Pull Request #4944 · redhat-developer/rhdh

renovate · 2026-06-14T23:30:11Z

This PR contains the following updates:

Package	Change	Age	Confidence
react-router (source)	`6.30.3` → `6.30.4`

React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

CVE-2026-40181 / GHSA-2j2x-hqr9-3h42

More information

Details

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect.

[!NOTE]
This does not impact your React Router application if you are using Declarative Mode (<BrowserRouter>)

Severity

CVSS Score: 6.6 / 10 (Medium)
Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

remix-run/react-router (react-router)

`v6.30.4`: v6.30.4

Compare Source

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v6/CHANGELOG.md#v6304

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

openshift-ci · 2026-06-14T23:30:23Z

Hi @renovate[bot]. Thanks for your PR.

I'm waiting for a redhat-developer member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

codecov · 2026-06-14T23:33:48Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.77%. Comparing base (b5b37c4) to head (e178518).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4944      +/-   ##
==========================================
- Coverage   55.39%   54.77%   -0.62%     
==========================================
  Files         122      110      -12     
  Lines        2365     2147     -218     
  Branches      568      542      -26     
==========================================
- Hits         1310     1176     -134     
+ Misses       1048      970      -78     
+ Partials        7        1       -6

Flag	Coverage Δ
rhdh	`54.77% <ø> (-0.62%)`	⬇️

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b5b37c4...e178518. Read the comment docs.

🚀 New features to boost your workflow:

📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2026-06-15T00:01:22Z