Skip to content

fix(deps): Bump react-router to 6.30.3#19212

Merged
chargome merged 1 commit intodevelopfrom
fix/bump-react-router-cve-2026-22029
Feb 6, 2026
Merged

fix(deps): Bump react-router to 6.30.3#19212
chargome merged 1 commit intodevelopfrom
fix/bump-react-router-cve-2026-22029

Conversation

@chargome
Copy link
Member

@chargome chargome commented Feb 6, 2026

Bumps the react-router-6 dev dependency in @sentry/react from 6.28.0 to 6.30.3 to resolve CVE-2026-22029 (XSS via open redirects in @remix-run/router <= 1.23.1). The updated react-router pulls in the patched @remix-run/router@1.23.2.

@chargome @claude
fix(deps): Bump react-router to 6.30.3
c5f87c7 
Bumps the `react-router-6` dev dependency in `@sentry/react` from
6.28.0 to 6.30.3 to resolve CVE-2026-22029 (XSS via open redirects
in `@remix-run/router` <= 1.23.1). The updated react-router pulls in
the patched `@remix-run/router@1.23.2`.

Co-Authored-By: Claude <noreply@anthropic.com>
@chargome chargome self-assigned this Feb 6, 2026
@chargome chargome requested review from a team, andreiborza, nicohrubec and stephanie-anderson and removed request for a team and stephanie-anderson February 6, 2026 14:47
@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026
edited
Loading

Codecov Results 📊

Generated by Codecov Action

@github-actions
Copy link
Contributor

github-actions bot commented Feb 6, 2026

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.
⚠️ Warning: Base artifact is not the latest one, because the latest workflow run is not done yet. This may lead to incorrect results. Try to re-run all tests to get up to date results.

Scenario Requests/s % of Baseline Prev. Requests/s Change %
GET Baseline 9,370 - 8,579 +9%
GET With Sentry 1,738 19% 1,636 +6%
GET With Sentry (error only) 6,188 66% 5,976 +4%
POST Baseline 1,218 - 1,158 +5%
POST With Sentry 599 49% 542 +11%
POST With Sentry (error only) 1,053 86% 1,021 +3%
MYSQL Baseline 3,342 - 3,220 +4%
MYSQL With Sentry 511 15% 418 +22%
MYSQL With Sentry (error only) 2,749 82% 2,648 +4%

View base workflow run

@chargome chargome merged commit 3580d70 into develop Feb 6, 2026
214 checks passed
@chargome chargome deleted the fix/bump-react-router-cve-2026-22029 branch February 6, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andreiborza andreiborza andreiborza approved these changes

@nicohrubec nicohrubec Awaiting requested review from nicohrubec nicohrubec was automatically assigned from getsentry/team-javascript-sdks

Assignees

@chargome chargome

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chargome @andreiborza