Skip to content

chore(deps): bump react-router from 7.12.0 to 8.0.1 in /internal/dev_server/ui#729

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/internal/dev_server/ui/react-router-8.0.1
Open

chore(deps): bump react-router from 7.12.0 to 8.0.1 in /internal/dev_server/ui#729
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/internal/dev_server/ui/react-router-8.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026
edited by cursor Bot
Loading

Copy link
Copy Markdown
Contributor

Bumps react-router from 7.12.0 to 8.0.1.

Release notes

Sourced from react-router's releases.

v8.0.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v801

v8.0.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v800

v7.18.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/v7/CHANGELOG.md#v7181

v7.18.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7180

v7.17.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7170

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

v7.15.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151

v7.15.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150

v7.14.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142

v7.14.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141

v7.14.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140

v7.13.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132

v7.13.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131

v7.13.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130

Changelog

Sourced from react-router's changelog.

v8.0.1

Patch Changes

  • Remove the obsolete AppLoadContext type export accidentally left over from v7 now that middleware is always enabled and server request context is provided through RouterContextProvider. (#15207)

v8.0.0

Major Changes

  • Remove the future.v8_trailingSlashAwareDataRequests flag (#15100)
    • Trailing slash-aware data request URLs are now the default behavior.
  • Update tsconfig.json target/lib from ES2020 -> ES2022 (591853e)
  • Switch the published packages in packages/ to ESM-only. (#14895) (59ebcf1)
  • Remove deprecated data parameter in favor of loaderData for meta APIs (to align with Route.ComponentProps) (#14931)
    • Route.MetaArgs, Route.MetaMatch, MetaArgs, MetaMatch, Route.ComponentProps.matches, UIMatch
  • Remove future.v8_passThroughRequests flag - the raw incoming request is now always passed through to loader/action. Use url for the normalized URL without React Router-specific implementation details (.data suffixes, index/_routes search params). (#15079)
  • Remove internal hasErrorBoundary field added to router.routes when using a data router (#15074)
    • This should not impact user-facing code since this was an internal prop and was computed based on the presence of ErrorBoundary or errorElement on your route
    • hasErrorBoundary is no longer accepted on RouteObject (IndexRouteObject/NonIndexRouteObject), DataRouteObject, <Route> JSX props, or as a key in lazy route definitions.
    • The MapRoutePropertiesFunction signature no longer requires returning hasErrorBoundary; the router infers it directly.
  • Remove react-router-dom package (#15076)
    • In v7 everything DOM-specific was collapsed into react-router/dom
      • react-router-dom was kept around as a convenience so existing v6 app imports would still work
    • For v8, you will need to swap react-router-dom imports:
      • RouterProvider/HydratedRouter should be imported from react-router/dom
      • Everything else should be imported from react-router
  • Remove future.v8_middleware flag — middleware is always enabled in v8 (#15078)
    • The future.v8_middleware flag has been removed; middleware is now always enabled
    • The context parameter passed to loader, action, and middleware functions is always a RouterContextProvider instance
    • getLoadContext functions in custom servers must return a RouterContextProvider — returning a plain object is no longer supported
    • The MiddlewareEnabled type (previously exported as UNSAFE_MiddlewareEnabled) has been removed since the conditional it gated is now unconditional
    • The Future module augmentation pattern (interface Future { v8_middleware: true }) is no longer needed to type context in Data Mode
  • Update minimum Node version to 22.22.0 (#14928)
  • Update minimum React version to 19.2.7 (#15062)

Minor Changes

  • Bump dependencies (#15080)
    • Bumped cookie from ^1.0.1 to ^1.1.1
    • Bumped set-cookie-parser from ^2.6.0 to ^3.1.0

Patch Changes

  • Ensure client middleware errors load lazy route error boundaries before bubbling (#15086)
  • Remove explicit onSubmit type override from SharedFormProps to fix deprecation warning with @types/react@19.x (#14932) (59ebcf1)
  • Update package builds to preserve individual module files in published artifacts. Public APIs and documented import paths are unchanged. (#15092)
    • Updated package TypeScript configs to support modern module syntax used by the build configuration.
  • Migrate package builds from tsup to tsdown. Published package entry points and public APIs are unchanged. (#15092)
  • Upgrade React Router's TypeScript tooling to TypeScript 6. Runtime behavior and public APIs are unchanged. (#15092)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Medium Risk
Major router upgrade affects all routing (BrowserRouter, Routes, hooks) with no code migration in the PR, and React 18.3.1 does not satisfy react-router 8’s React ≥19.2.7 peer dependency.

Overview
Bumps react-router from 7.12.0 to 8.0.1 in internal/dev_server/ui (package.json and lockfile only; no app source edits).

The lockfile reflects v8’s dependency shift: cookie / set-cookie-parser are replaced by cookie-es. React Router 8 also raises declared Node (≥22.22.0) and React (≥19.2.7) peer requirements while this package still pins React 18.3.1, so install/build may warn or behave differently until React is upgraded or peers are reconciled.

Reviewed by Cursor Bugbot for commit 4a64919. Bugbot is set up for automated code reviews on this repo. Configure here.

@dependabot
chore(deps): bump react-router in /internal/dev_server/ui
4a64919 
Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.12.0 to 8.0.1.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@8.0.1/packages/react-router)

---
updated-dependencies:
- dependency-name: react-router
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 30, 2026
cursor[bot]
cursor Bot reviewed Jun 30, 2026
View reviewed changes

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 2 potential issues.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 4a64919. Configure here.

Comment thread internal/dev_server/ui/package.json
"react": "18.3.1",
"react-dom": "18.3.1",
"react-router": "7.12.0",
"react-router": "8.0.1",

@cursor cursor Bot Jun 30, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Router eight with React eighteen

High Severity

The PR upgrades react-router to 8.0.1 but leaves react and react-dom at 18.3.1. React Router 8 requires peer react and react-dom at >=19.2.7, so the dev server UI is on an unsupported combination that can break installs, tsc/build, or client routing at runtime.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 4a64919. Configure here.

Comment thread internal/dev_server/ui/package-lock.json
},
"engines": {
"node": ">=20.0.0"
"node": ">=22.22.0"

@cursor cursor Bot Jun 30, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Router eight Node engine mismatch

Medium Severity

react-router@8.0.1 declares engines.node as >=22.22.0, but the dev server UI workflow installs Node via lts/* and package.json does not document or enforce that minimum. Local or CI environments on older Node can hit unsupported installs or subtle build/runtime issues after this bump.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 4a64919. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants