chore(deps): bump react-router from 6.30.1 to 6.30.2#132
chore(deps): bump react-router from 6.30.1 to 6.30.2#132dependabot[bot] wants to merge 1 commit intodevelopfrom
Conversation
Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 6.30.1 to 6.30.2. - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@6.30.2/packages/react-router) --- updated-dependencies: - dependency-name: react-router dependency-version: 6.30.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Comment |
|
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
This PR updates react-router from ^6.0.2 to ^6.30.2 as a patch version bump. However, there is a critical version mismatch: react-router-dom (a related and tightly coupled dependency) is not being updated and remains at ^6.0.2 (resolving to 6.30.1 in the lock file).
Issue Identified
React Router v6 packages are designed to work together with matching versions. The current update creates an inconsistency:
- react-router is updated to 6.30.2
- react-router-dom remains at 6.30.1
- This causes different versions of @remix-run/router to be installed (1.23.1 vs 1.23.0)
The release notes indicate that v6.30.2 includes a fix for "Normalize double-slashes in resolvePath" in @remix-run/router@1.23.1. By not updating react-router-dom, the codebase won't benefit from this fix consistently since react-router-dom still depends on the previous version of @remix-run/router.
Recommendation
Update react-router-dom to ^6.30.2 as well to ensure both packages use compatible versions and the same underlying router implementation.
Confidence Score: 2/5
- This PR has a critical dependency version mismatch that needs to be resolved before merging. It introduces potential runtime issues by pulling in two different versions of @remix-run/router.
- The PR updates react-router to 6.30.2 but fails to update the tightly coupled react-router-dom package, which remains at 6.30.1. This causes the lock file to include both @remix-run/router@1.23.0 and @remix-run/router@1.23.1, leading to potential module resolution issues and preventing consistent application of the patch fix. The score is low (2/5) because this is a significant architectural issue that could cause runtime problems, even though the change itself is simple. The fix is straightforward but necessary before merge.
- apps/extensions/package.json must be corrected to update react-router-dom to ^6.30.2 to match react-router
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| apps/extensions/package.json | 2/5 | Updates react-router from ^6.0.2 to ^6.30.2, but react-router-dom remains at ^6.0.2 (which resolves to 6.30.1). This creates a version mismatch: the package.json specifies different minor versions for related packages that are typically kept in sync. react-router-dom should also be bumped to at least ^6.30.2 to match react-router. |
| pnpm-lock.yaml | 2/5 | Lock file reflects the inconsistency from package.json: react-router@6.30.2 depends on @remix-run/router@1.23.1, while react-router-dom@6.30.1 depends on @remix-run/router@1.23.0. This results in both versions of @remix-run/router being installed. Since react-router and react-router-dom are tightly coupled in React Router v6, they should use the same version of @remix-run/router to avoid potential runtime issues. |
Sequence Diagram
sequenceDiagram
participant App as Application
participant RRDom as react-router-dom<br/>6.30.1
participant RR as react-router<br/>6.30.2
participant RemixOld as @remix-run/router<br/>1.23.0
participant RemixNew as @remix-run/router<br/>1.23.1
App->>RRDom: imports Routes, Route
App->>RR: imports useLocation, useNavigate
RRDom->>RemixOld: depends on
RR->>RemixNew: depends on
Note over RemixOld,RemixNew: Version Mismatch Problem:<br/>Two versions of @remix-run/router<br/>loaded in bundle, causing<br/>potential conflicts
| "react-router": "^6.30.2", | ||
| "react-router-dom": "^6.0.2", |
There was a problem hiding this comment.
There is a version mismatch between react-router and react-router-dom. react-router is being updated to ^6.30.2 (which resolves to 6.30.2), while react-router-dom remains at ^6.0.2 (which resolves to 6.30.1).
In React Router v6, react-router and react-router-dom are tightly coupled and should use the same version. More importantly, they both depend on @remix-run/router, and the current versions pull in different versions of that dependency:
- react-router@6.30.2 → @remix-run/router@1.23.1
- react-router-dom@6.30.1 → @remix-run/router@1.23.0
This can cause issues with duplicate package resolution and potential runtime errors. You should update react-router-dom to ^6.30.2 as well to ensure both packages use the same versions of their dependencies.
| "react-router": "^6.30.2", | |
| "react-router-dom": "^6.0.2", | |
| "react-router": "^6.30.2", | |
| "react-router-dom": "^6.30.2", |
Prompt To Fix With AI
This is a comment left during a code review.
Path: apps/extensions/package.json
Line: 191:192
Comment:
There is a version mismatch between react-router and react-router-dom. react-router is being updated to ^6.30.2 (which resolves to 6.30.2), while react-router-dom remains at ^6.0.2 (which resolves to 6.30.1).
In React Router v6, react-router and react-router-dom are tightly coupled and should use the same version. More importantly, they both depend on @remix-run/router, and the current versions pull in different versions of that dependency:
- react-router@6.30.2 → @remix-run/router@1.23.1
- react-router-dom@6.30.1 → @remix-run/router@1.23.0
This can cause issues with duplicate package resolution and potential runtime errors. You should update react-router-dom to ^6.30.2 as well to ensure both packages use the same versions of their dependencies.
```suggestion
"react-router": "^6.30.2",
"react-router-dom": "^6.30.2",
```
How can I resolve this? If you propose a fix, please make it concise.
|
Bumps react-router from 6.30.1 to 6.30.2.
Release notes
Sourced from react-router's releases.
Changelog
Sourced from react-router's changelog.
Commits
26b5d45chore: Update version for release (#14541)919f8a8chore: Update version for release (pre-v6) (#14540)69bf705Normalize double slashes in resolvePath (#14537)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for react-router since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by cubic
Upgraded react-router to 6.30.2 to fix double-slash path resolution in resolvePath. This reduces routing edge cases with no app code changes.
Written for commit ce345c9. Summary will update on new commits.