This repository was archived by the owner on Oct 13, 2025. It is now read-only.

@dependabot dependabot bot commented on behalf of github Apr 28, 2023

Bumps react-router-dom from 5.0.1 to 6.10.0.

Release notes

Sourced from react-router-dom's releases.

v6.4.4

What's Changed

  • Throw an error if an action/loader function returns undefined as revalidations need to know whether the loader has previously been executed. undefined also causes issues during SSR stringification for hydration. You should always ensure your loader/action returns a value, and you may return null if you don't wish to return anything. (#9511)
  • Properly handle redirects to external domains (#9590, #9654)
  • Preserve the HTTP method on 307/308 redirects (#9597)
  • Support basename in static data routers (#9591)
  • Enhanced ErrorResponse bodies to contain more descriptive text in internal 403/404/405 scenarios
  • Fix issues with encoded characters in NavLink and descendant <Routes> (#9589, #9647)
  • Properly serialize/deserialize ErrorResponse instances when using built-in hydration (#9593)
  • Updated dependencies:
    • @remix-run/router@1.0.4
    • react-router@6.4.4

Full Changelog: https://github.com/remix-run/react-router/compare/react-router-dom@6.4.3...react-router-dom@6.4.4

react-router-dom@6.4.0-pre.15

Patch Changes

  • fix: remove internal router singleton (#9227)

    This change removes the internal module-level routerSingleton we create and maintain inside our data routers since it was causing a number of headaches for non-simple use cases:

    • Unit tests are a pain because you need to find a way to reset the singleton in-between tests
      • We use a _resetModuleScope singleton for our tests
      • ...but this isn't exposed to users who may want to do their own tests around our router
    • The JSX children <Route> objects cause non-intuitive behavior based on idiomatic react expectations
      • Conditional runtime <Route>'s won't get picked up
      • Adding new <Route>'s during local dev won't get picked up during HMR
      • Using external state in your elements doesn't work as one might expect (see #9225)

    Instead, we are going to lift the singleton out into user-land, so that they create the router singleton and manage it outside the react tree - which is what react 18 is encouraging with useSyncExternalStore anyways! This also means that since users create the router - there's no longer any difference in the rendering aspect for memory/browser/hash routers (which only impacts router/history creation) - so we can get rid of those and trim to a simple RouterProvider

    // Before
    function App() {
      return (
        <DataBrowserRouter>
          <Route path="/" element={<Layout />}>
            <Route index element={<Home />} />
          </Route>
        </DataBrowserRouter>
      );
    }
    // After
    let router = createBrowserRouter([{
      path: "/",
      element: <Layout />,
      children: [{
        index: true,

... (truncated)

Changelog

Sourced from react-router-dom's changelog.

6.10.0

Minor Changes

  • Added support for Future Flags in React Router. The first flag being introduced is future.v7_normalizeFormMethod which will normalize the exposed useNavigation()/useFetcher() formMethod fields as uppercase HTTP methods to align with the fetch() behavior. (#10207)

    • When future.v7_normalizeFormMethod === false (default v6 behavior),
      • useNavigation().formMethod is lowercase
      • useFetcher().formMethod is lowercase
    • When future.v7_normalizeFormMethod === true:
      • useNavigation().formMethod is uppercase
      • useFetcher().formMethod is uppercase

Patch Changes

  • Fix createStaticHandler to also check for ErrorBoundary on routes in addition to errorElement (#10190)
  • Updated dependencies:
    • @remix-run/router@1.5.0
    • react-router@6.10.0

6.9.0

Minor Changes

  • React Router now supports an alternative way to define your route element and errorElement fields as React Components instead of React Elements. You can instead pass a React Component to the new Component and ErrorBoundary fields if you choose. There is no functional difference between the two, so use whichever approach you prefer 😀. You shouldn't be defining both, but if you do Component/ErrorBoundary will "win". (#10045)

    Example JSON Syntax

    // Both of these work the same:
    const elementRoutes = [{
      path: '/',
      element: <Home />,
      errorElement: <HomeError />,
    }]
    const componentRoutes = [{
      path: '/',
      Component: Home,
      ErrorBoundary: HomeError,
    }]
    function Home() { ... }
    function HomeError() { ... }

    Example JSX Syntax

    // Both of these work the same:

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 5.0.1 to 6.10.0.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@6.10.0/packages/react-router-dom)

---
updated-dependencies:
- dependency-name: react-router-dom
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner April 28, 2023 09:59
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 28, 2023
@socket-security
New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore @remix-run/router@1.5.0
  • @SocketSecurity ignore react-router@6.10.0
  • @SocketSecurity ignore react-router-dom@6.10.0
  • @SocketSecurity ignore resolve-pathname@3.0.0
  • @SocketSecurity ignore value-equal@1.0.1
  • @SocketSecurity ignore history@4.10.1
  • @SocketSecurity ignore path-to-regexp@1.8.0
  • @SocketSecurity ignore css-select@1.2.0
  • @SocketSecurity ignore css-select@2.0.2

⚠️ Network access

This module accesses the network.

Packages should remove all network access that isn't functionally unnecessary. Consumers should audit network access to ensure legitimate use.

| Package | Module | Location | Source |
| --- | --- | --- | --- |
| @remix-run/router@1.5.0 (added) | globalThis["fetch"] | dist/router.cjs.js | package.json via react-router-dom@6.10.0 |
| @remix-run/router@1.5.0 (added) | globalThis["fetch"] | dist/router.js | package.json via react-router-dom@6.10.0 |
| @remix-run/router@1.5.0 (added) | globalThis["fetch"] | dist/router.umd.js | package.json via react-router-dom@6.10.0 |

⚠️ URL strings

Package contains fragments of external URLs or IP addresses, which may indicate that it covertly exfiltrates data.

Avoid using packages that make connections to the network, since this helps to leak data.

| Package | URL Fragment | Location | Source |
| --- | --- | --- | --- |
| react-router@6.10.0 (upgraded) | https://reactrouter.com/routers/picking-a-router | dist/index.js | package.json via react-router-dom@6.10.0 |
| react-router@6.10.0 (upgraded) | https://reactrouter.com/routers/picking-a-router | dist/umd/react-router.development.js | package.json via react-router-dom@6.10.0 |
| react-router-dom@6.10.0 (upgraded) | https://reactrouter.com/routers/picking-a-router | dist/index.js | package.json |
| react-router-dom@6.10.0 (upgraded) | https://reactrouter.com/routers/picking-a-router | dist/umd/react-router-dom.development.js | package.json |
| react-router-dom@6.10.0 (upgraded) | https://polyfill.io/v3/ | dist/index.js | package.json |
| react-router-dom@6.10.0 (upgraded) | https://polyfill.io/v3/ | dist/umd/react-router-dom.development.js | package.json |
| react-router-dom@6.10.0 (upgraded) | https://github.com/ungap/url-search-params | dist/index.js | package.json |
| react-router-dom@6.10.0 (upgraded) | https://github.com/ungap/url-search-params | dist/umd/react-router-dom.development.js | package.json |

⚠️ Environment variable access

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Packages should be clear about which environment variables they access, and care should be taken to ensure they only access environment variables they claim to.

| Package | ENV Vars | Location | Source |
| --- | --- | --- | --- |
| resolve-pathname@3.0.0 (upgraded) | | index.js | package.json via react-router-transition@1.3.0 |
| resolve-pathname@3.0.0 (upgraded) | | index.js | package.json via react-router-transition@1.3.0 |
| value-equal@1.0.1 (upgraded) | | index.js | package.json via react-router-transition@1.3.0 |
| value-equal@1.0.1 (upgraded) | | index.js | package.json via react-router-transition@1.3.0 |

⚠️ Minified code

This package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.

In many cases minified code is harmless, however minified code can be used to hide a supply chain attack. Consider not shipping minified code on npm.

| Package | Confidence | Location | Source |
| --- | --- | --- | --- |
| history@4.10.1 (upgraded) | 1.00 | cjs/history.min.js | package.json via react-router-transition@1.3.0 |
| react-router@6.10.0 (upgraded) | 1.00 | dist/umd/react-router.production.min.js | package.json via react-router-dom@6.10.0 |
| react-router-dom@6.10.0 (upgraded) | 1.00 | dist/umd/react-router-dom.production.min.js | package.json |

⚠️ No tests

Package does not have any tests. This is a strong signal of a poorly maintained or low quality package.

Add tests and publish a new version of the package. Consumers may look for an alternative package with better testing.

| Package | Location | Source |
| --- | --- | --- |
| @remix-run/router@1.5.0 (added) | package.json | package.json via react-router-dom@6.10.0 |
| react-router@6.10.0 (upgraded) | package.json | package.json via react-router-dom@6.10.0 |
| react-router-dom@6.10.0 (upgraded) | package.json | package.json |

⚠️ Chronological version anomaly

Semantic versions published out of chronological order.

This could either indicate dependency confusion or a patched vulnerability.

| Package | Previous Chronological | Previous Semver | Source |
| --- | --- | --- | --- |
| @remix-run/router@1.5.0 (added) | @remix-run/router@0.0.0-experimental-0db28b07 (3/24/2023, 3:35:26 PM) | @remix-run/router@1.5.0-pre.2 (3/24/2023, 3:30:37 PM) | package.json via react-router-dom@6.10.0 |
| path-to-regexp@1.8.0 (upgraded) | path-to-regexp@3.1.0 (8/31/2019, 3:59:25 AM) | path-to-regexp@1.7.0 (11/8/2016, 6:38:49 PM) | package.json via react-router-transition@1.3.0 |
| react-router@6.10.0 (upgraded) | react-router@0.0.0-experimental-0db28b07 (3/24/2023, 3:35:28 PM) | react-router@6.10.0-pre.2 (3/24/2023, 3:30:36 PM) | package.json via react-router-dom@6.10.0 |
| react-router-dom@6.10.0 (upgraded) | react-router-dom@0.0.0-experimental-0db28b07 (3/24/2023, 3:35:30 PM) | react-router-dom@6.10.0-pre.2 (3/24/2023, 3:30:36 PM) | package.json |

⚠️ Unmaintained

Package has not been updated in more than a year and may be unmaintained. Problems with the package may go unaddressed.

Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance.

| Package | Last Publish Date | Source |
| --- | --- | --- |
| css-select@1.2.0 (added) | 4/27/2022, 6:29:37 PM | package.json via react-scripts@3.0.1 |
| css-select@2.0.2 (added) | 4/27/2022, 6:29:37 PM | package.json via react-scripts@3.0.1 |

Pull request alert summary

| Issue | Status |
| --- | --- |
| Critical CVE | ✅ 0 issues |
| CVE | ✅ 0 issues |
| Mild CVE | ✅ 0 issues |
| Install scripts | ✅ 0 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Filesystem access | ✅ 0 issues |
| Network access | ⚠️ 3 issues |
| Shell access | ✅ 0 issues |
| Debug access | ✅ 0 issues |
| Long strings | ✅ 0 issues |
| High entropy strings | ✅ 0 issues |
| URL strings | ⚠️ 8 issues |
| Uses eval | ✅ 0 issues |
| Dynamic require | ✅ 0 issues |
| Environment variable access | ⚠️ 4 issues |
| Missing dependency | ✅ 0 issues |
| Unused dependency | ✅ 0 issues |
| Peer dependency | ✅ 0 issues |
| Uncaught optional dependency | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Extraneous dependency | ✅ 0 issues |
| Obfuscated require | ✅ 0 issues |
| Obfuscated code | ✅ 0 issues |
| Minified code | ⚠️ 3 issues |
| Bidirectional unicode control characters | ✅ 0 issues |
| Zero width unicode chars | ✅ 0 issues |
| Bad text encoding | ✅ 0 issues |
| Unicode homoglyphs | ✅ 0 issues |
| Invisible chars | ✅ 0 issues |
| Suspicious strings | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| GitHub dependency | ✅ 0 issues |
| File dependency | ✅ 0 issues |
| No tests | ⚠️ 3 issues |
| No repository | ✅ 0 issues |
| Bad semver | ✅ 0 issues |
| Bad dependency semver | ✅ 0 issues |
| No v1 | ✅ 0 issues |
| No website | ✅ 0 issues |
| No bug tracker | ✅ 0 issues |
| No contributors or author data | ✅ 0 issues |
| CommonJS depending on ESModule | ✅ 0 issues |
| Empty package | ✅ 0 issues |
| Trivial Package | ✅ 0 issues |
| No README | ✅ 0 issues |
| Deprecated | ✅ 0 issues |
| Chronological version anomaly | ⚠️ 4 issues |
| Semver anomaly | ✅ 0 issues |
| New author | ✅ 0 issues |
| Unstable ownership | ✅ 0 issues |
| Non-existent author | ✅ 0 issues |
| Unmaintained | ⚠️ 2 issues |
| Unpublished package | ✅ 0 issues |
| Major refactor | ✅ 0 issues |
| Missing package tarball | ✅ 0 issues |
| Unsafe copyright | ✅ 0 issues |
| License change | ✅ 0 issues |
| Non OSI license | ✅ 0 issues |
| Deprecated license | ✅ 0 issues |
| Missing license | ✅ 0 issues |
| Non SPDX license | ✅ 0 issues |
| Unclear license | ✅ 0 issues |
| Mixed license | ✅ 0 issues |
| Legal notice | ✅ 0 issues |
| Modified license | ✅ 0 issues |
| Modified license exception | ✅ 0 issues |
| License exception | ✅ 0 issues |
| Deprecated SPDX exception | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |
| AI detected security risk | ✅ 0 issues |
| AI warning | ✅ 0 issues |

📊 Modified Dependency Overview:

| ⬆️ Updated Package | Version Diff | Added Capability Access | +/- Transitive Count | Publisher |
| --- | --- | --- | --- | --- |
| react-router-dom@6.10.0 | 5.0.1...6.10.0 | network | +2/-9 | mjackson |

dependabot bot commented on behalf of github May 1, 2023

Superseded by #170.

@dependabot dependabot bot closed this May 1, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/react-router-dom-6.10.0 branch May 1, 2023 10:05