[Snyk] Security upgrade react-router-dom from 5.3.4 to 6.30.2#19
[Snyk] Security upgrade react-router-dom from 5.3.4 to 6.30.2#19jakexcosme wants to merge 1 commit intodevelopfrom
Conversation
…nerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-REACTROUTER-14908286
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
| "react-lazylog": "^4.5.3", | ||
| "react-media": "^1.10.0", | ||
| "react-router-dom": "^5.3.4", | ||
| "react-router-dom": "^6.30.2", |
There was a problem hiding this comment.
🔴 react-router-dom v5 to v6 upgrade without code migration breaks entire application
Upgrading react-router-dom from v5 (^5.3.4) to v6 (^6.30.2) without updating the application code will cause the entire frontend to fail at runtime.
Click to expand
Breaking Changes Not Addressed
React Router v6 is a major breaking change that removes/renames many APIs used throughout this codebase:
-
useHistoryhook removed (50 usages) - Replaced withuseNavigatein v6- Files affected:
RouteGuard.tsx,Header.tsx,Vulnerability.tsx,Organizations.tsx,LoginGovCallback.tsx,OktaCallback.tsx,TermsOfUse.tsx, and many more - Example at
frontend/src/components/Routes/RouteGuard.tsx:29:
const history = useHistory(); // This will throw: useHistory is not a function
- Files affected:
-
Switchcomponent removed (12 usages) - Replaced withRoutesin v6- Files affected:
Routes.tsx:27,Scans.tsx:26
import { Route, Switch } from 'react-router-dom'; // Switch doesn't exist in v6
- Files affected:
-
Redirectcomponent removed (10 usages) - Replaced withNavigatein v6- File affected:
AuthRoute.tsx:2
import { RouteProps, Redirect, Route } from 'react-router-dom'; // Redirect doesn't exist in v6
- File affected:
-
Routecomponent prop changes -componentprop removed, replaced withelement- All route definitions use the old v5 API:
<Route exact path="/terms" component={TermsOfUse} /> // v5 syntax // v6 requires: <Route path="/terms" element={<TermsOfUse />} />
-
RoutePropstype changed (8 usages) - The type interface is completely different in v6
Impact
The application will fail to start or crash immediately when any routing code is executed. Users will see a blank page or error screen.
Recommendation: Either revert the react-router-dom version back to ^5.3.4, or complete the full migration by updating all components to use v6 APIs: replace useHistory with useNavigate, Switch with Routes, Redirect with Navigate, and update all Route components to use the element prop instead of component.
Was this helpful? React with 👍 or 👎 to provide feedback.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
frontend/package.jsonfrontend/package-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-REACTROUTER-14908286
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Open Redirect