Skip to content

Commit 4ef0cba

Browse files
D-K-PD-K-P
committed
fix(security): upgrade Remix packages 2.1.0 → 2.17.3
Addresses CVE-2026-22029 (XSS via open redirects in loaders/actions). Upgraded packages: - @remix-run/express: 2.1.0 → 2.17.3 - @remix-run/node: 2.1.0 → 2.17.3 - @remix-run/react: 2.1.0 → 2.17.3 - @remix-run/router: 1.15.3 → 1.23.2 - @remix-run/serve: 2.1.0 → 2.17.3 - @remix-run/server-runtime: 2.1.0 → 2.17.3 - @remix-run/dev: 2.1.0 → 2.17.3 - @remix-run/eslint-config: 2.1.0 → 2.17.3 - @remix-run/testing: 2.1.0 → 2.17.3 Also updated tar-fs override for new @remix-run/dev version.
1 parent eeab6bd commit 4ef0cba

File tree

3 files changed

+443
-399
lines changed

3 files changed

+443
-399
lines changed

apps/webapp/package.json

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -100,12 +100,12 @@
100100
"@react-aria/datepicker": "^3.9.1",
101101
"@react-stately/datepicker": "^3.9.1",
102102
"@react-types/datepicker": "^3.7.1",
103-
"@remix-run/express": "2.1.0",
104-
"@remix-run/node": "2.1.0",
105-
"@remix-run/react": "2.1.0",
106-
"@remix-run/router": "^1.15.3",
107-
"@remix-run/serve": "2.1.0",
108-
"@remix-run/server-runtime": "2.1.0",
103+
"@remix-run/express": "2.17.3",
104+
"@remix-run/node": "2.17.3",
105+
"@remix-run/react": "2.17.3",
106+
"@remix-run/router": "^1.23.2",
107+
"@remix-run/serve": "2.17.3",
108+
"@remix-run/server-runtime": "2.17.3",
109109
"@remix-run/v1-meta": "^0.1.3",
110110
"@s2-dev/streamstore": "^0.17.2",
111111
"@sentry/remix": "9.46.0",
@@ -228,9 +228,9 @@
228228
"@internal/clickhouse": "workspace:*",
229229
"@internal/replication": "workspace:*",
230230
"@internal/testcontainers": "workspace:*",
231-
"@remix-run/dev": "2.1.0",
232-
"@remix-run/eslint-config": "2.1.0",
233-
"@remix-run/testing": "^2.1.0",
231+
"@remix-run/dev": "2.17.3",
232+
"@remix-run/eslint-config": "2.17.3",
233+
"@remix-run/testing": "^2.17.3",
234234
"@sentry/cli": "2.50.2",
235235
"@swc/core": "^1.3.4",
236236
"@swc/helpers": "^0.4.11",

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@
8686
"overrides": {
8787
"typescript": "5.5.4",
8888
"express@^4>body-parser": "1.20.3",
89-
"@remix-run/dev@2.1.0>tar-fs": "2.1.3",
89+
"@remix-run/dev@2.17.3>tar-fs": "2.1.3",
9090
"testcontainers@10.28.0>tar-fs": "3.0.9",
9191
"form-data@^2": "2.5.4",
9292
"form-data@^3": "3.0.4",

0 commit comments

Comments
 (0)