Skip to content

chore(deps): bump react-router and react-router-dom in /humanlayer-wui#36

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/humanlayer-wui/multi-4ad6f623a9
Closed

chore(deps): bump react-router and react-router-dom in /humanlayer-wui#36
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/humanlayer-wui/multi-4ad6f623a9

chore(deps): bump react-router and react-router-dom in /humanlayer-wui

d9e7689
Select commit
Loading
Failed to load commit list.
Kusari Inspector / Kusari Inspector succeeded Jun 3, 2026 in 56s

Security Analysis Passed

No security issues found

Details

Kusari Inspector

Kusari Analysis Results:

Proceed with these changes

✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.

Both dependency and code security analyses independently recommend proceeding with no blocking concerns. The primary benefit of this PR is the update of react-router and react-router-dom from 7.6.3 to 7.16.0, which resolves 9 CVEs covering XSS, CSRF, open redirect, DoS, and an RCE chain vulnerability. The new version (7.16.0) is the latest release with no active advisories. Additional changes include a minor patch update to the cookie package (1.0.2 to 1.1.1) and platform-specific binary additions for esbuild, rollup, tailwindcss/oxide, lightningcss, sentry CLI, and tauri CLI — all transitive dependencies with no identified vulnerabilities. The code analysis found zero findings across all severity levels, with no exposed secrets or workflow issues. This PR is a net security improvement with no introduced risk.

Note

View full detailed analysis result for more information on the output and the checks that were run.


@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: d9e7689, performed at: 2026-06-03T21:48:51Z