Skip to content

Bump react-router from 7.15.1 to 7.18.0#738

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/react-router-7.18.0
Open

Bump react-router from 7.15.1 to 7.18.0#738
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/react-router-7.18.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps react-router from 7.15.1 to 7.18.0.

Release notes

Sourced from react-router's releases.

v7.18.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7180

v7.17.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7170

v7.16.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7160

Changelog

Sourced from react-router's changelog.

v7.18.0

Patch Changes

  • Fix server handler prerender responses when using ssr: false and future.v8_trailingSlashAwareDataRequests: true. Avoids false positive "SPA Mode" detection when serving prerendered paths (#15173)
  • Use the ServerRouter nonce for nonce-aware SSR components when they don't provide their own value so strict CSP pages can load them. (#15170)
  • Use turbo-stream to serialize and deserialize Framework Mode hydration errors (#15175)
  • Precompute route branch matchers to avoid recompiling route path regexes during matching (#15186)
  • Use the constructed request URL host when validating action request origins. (#15185)
  • Remove the un-documented custom error serialization logic from Data Mode SSR built-in hydration flows (#15175)
  • Validate protocols in RSC render redirects (#15177)
  • Consolidate url normalization logic and better handle mixed slashes (#15176)

v7.17.0

Minor Changes

  • Ship a subset of the official documentation inside the react-router package (#15121)
    • Markdown docs are now available in node_modules/react-router/docs, letting AI coding agents and the React Router agent skills read official docs locally
    • Excludes auto-generated API docs (api/), community/ content, and tutorials (tutorials/)

v7.16.0

Minor Changes

  • Stabilize future.unstable_trailingSlashAwareDataRequests as future.v8_trailingSlashAwareDataRequests (#15098)

Patch Changes

  • Disable manifest path when lazy route dicovery is disabled (#15068)

  • Fix browser URL creation to use the configured history window instead of the global window. (#15066)

    • Pass the history/router window through to createBrowserURLImpl so custom window contexts keep the correct URL origin.
  • Fix useNavigation() return type to preserve discriminated union across navigation states (#15095)

  • Widen MetaDescriptor script:ld+json type from LdJsonObject to LdJsonObject | LdJsonObject[] to permit multiple JSON-LD schemas in a single <script type="application/ld+json"> tag emitted by <Meta /> (#15082)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.15.1 to 7.18.0.
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router@7.18.0/packages/react-router)

---
updated-dependencies:
- dependency-name: react-router
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@github-actions

Copy link
Copy Markdown

Mend Scan Results

Status: ✅ No findings detected

SCA scan output



Identified 94 dependencies

Detected 0 vulnerabilities (0 Critical, 0 High, 0 Medium, 0 Low)





No Policy violations were detected

Project 'pnc-web-ui-react' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=94bc886e-2889-4021-9f18-a73550a2a19d
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=ae749185030e4739bbb6843c3716bd074ceb5bfe59f94e23a4fb8c74dee3e3b7

Mend AI scan succeeded.

Support Token: 17b0ab14e5cc34fd3881020b418ca68501782738025071
SAST scan output
*no findings*

Full logs and artifacts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants