[Snyk] Upgrade react-router-dom from 5.3.3 to 7.5.3

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade react-router-dom from 5.3.3 to 7.5.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 239 versions ahead of your current version.

• The recommended version was released 25 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	140	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	140	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9653016	140	Proof of Concept
	Path Equivalence SNYK-JS-VITE-5664718	140	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-6182924	140	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	140	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	140	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	140	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	140	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	140	Mature
	Access Control Bypass SNYK-JS-VITE-9576207	140	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	140	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	140	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	140	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	140	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	140	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	140	Proof of Concept

Release notes

Package name: react-router-dom

• 7.5.3 - 2025-04-28
  

  [email protected]

• 7.5.3-pre.0 - 2025-04-28
  

  [email protected]

• 7.5.2 - 2025-04-24
• 7.5.1 - 2025-04-17
• 7.5.1-pre.0 - 2025-04-15
• 7.5.0 - 2025-04-04
• 7.5.0-pre.1 - 2025-04-03
• 7.5.0-pre.0 - 2025-04-02
• 7.4.1 - 2025-03-28
• 7.4.1-pre.0 - 2025-03-26
• 7.4.0 - 2025-03-19
• 7.4.0-pre.0 - 2025-03-17
• 7.3.0 - 2025-03-06
• 7.3.0-pre.1 - 2025-03-06
• 7.3.0-pre.0 - 2025-03-04
• 7.2.0 - 2025-02-18
• 7.2.0-pre.6 - 2025-02-18
• 7.2.0-pre.5 - 2025-02-18
• 7.2.0-pre.4 - 2025-02-17
• 7.2.0-pre.3 - 2025-02-17
• 7.2.0-pre.2 - 2025-02-13
• 7.2.0-pre.1 - 2025-02-12
• 7.2.0-pre.0 - 2025-02-12
• 7.1.5 - 2025-01-31
• 7.1.5-pre.0 - 2025-01-31
• 7.1.4 - 2025-01-30
• 7.1.4-pre.0 - 2025-01-28
• 7.1.3 - 2025-01-17
• 7.1.3-pre.0 - 2025-01-17
• 7.1.2 - 2025-01-16
• 7.1.2-pre.0 - 2025-01-14
• 7.1.1 - 2024-12-23
• 7.1.1-pre.0 - 2024-12-21
• 7.1.0 - 2024-12-20
• 7.1.0-pre.0 - 2024-12-18
• 7.0.2 - 2024-12-03
• 7.0.2-pre.0 - 2024-12-02
• 7.0.1 - 2024-11-22
• 7.0.1-pre.0 - 2024-11-22
• 7.0.0 - 2024-11-22
• 7.0.0-pre.6 - 2024-11-19
• 7.0.0-pre.5 - 2024-11-05
• 7.0.0-pre.4 - 2024-10-29
• 7.0.0-pre.3 - 2024-10-29
• 7.0.0-pre.2 - 2024-10-23
• 7.0.0-pre.1 - 2024-10-11
• 7.0.0-pre.0 - 2024-10-03
• 6.30.1 - 2025-05-20
• 6.30.0 - 2025-02-27
• 6.30.0-pre-v6.0 - 2025-02-25
• 6.29.0 - 2025-01-30
• 6.29.0-pre-v6.2 - 2025-01-29
• 6.28.3-pre-v6.1 - 2025-01-28
• 6.28.3-pre-v6.0 - 2025-01-28
• 6.28.2 - 2025-01-16
• 6.28.2-pre.0 - 2025-01-14
• 6.28.1 - 2024-12-20
• 6.28.1-pre.0 - 2024-12-18
• 6.28.0 - 2024-11-06
• 6.28.0-pre.0 - 2024-10-29
• 6.27.0 - 2024-10-11
• 6.27.0-pre.1 - 2024-10-10
• 6.27.0-pre.0 - 2024-10-09
• 6.26.2 - 2024-09-09
• 6.26.2-pre.0 - 2024-09-04
• 6.26.1 - 2024-08-15
• 6.26.1-pre.0 - 2024-08-14
• 6.26.0 - 2024-08-01
• 6.26.0-pre.1 - 2024-07-31
• 6.26.0-pre.0 - 2024-07-30
• 6.25.1 - 2024-07-17
• 6.25.1-pre.0 - 2024-07-17
• 6.25.0 - 2024-07-16
• 6.25.0-pre.0 - 2024-07-12
• 6.24.1 - 2024-07-03
• 6.24.1-pre.0 - 2024-07-01
• 6.24.0 - 2024-06-24
• 6.24.0-pre.0 - 2024-06-14
• 6.23.1 - 2024-05-10
• 6.23.1-pre.1 - 2024-05-09
• 6.23.1-pre.0 - 2024-04-30
• 6.23.0 - 2024-04-23
• 6.23.0-pre.1 - 2024-03-29
• 6.23.0-pre.0 - 2024-03-27
• 6.22.3 - 2024-03-07
• 6.22.3-pre.0 - 2024-03-05
• 6.22.2 - 2024-02-28
• 6.22.2-pre.0 - 2024-02-27
• 6.22.1 - 2024-02-16
• 6.22.1-pre.0 - 2024-02-16
• 6.22.0 - 2024-02-01
• 6.22.0-pre.0 - 2024-01-31
• 6.21.3 - 2024-01-18
• 6.21.3-pre.0 - 2024-01-16
• 6.21.2 - 2024-01-11
• 6.21.2-pre.0 - 2024-01-09
• 6.21.1 - 2023-12-21
• 6.21.1-pre.0 - 2023-12-21
• 6.21.0 - 2023-12-13
• 6.21.0-pre.3 - 2023-12-06
• 6.21.0-pre.2 - 2023-12-05
• 6.21.0-pre.1 - 2023-12-05
• 6.21.0-pre.0 - 2023-12-05
• 6.20.1 - 2023-12-01
• 6.20.1-pre.0 - 2023-12-01
• 6.20.0 - 2023-11-22
• 6.20.0-pre.0 - 2023-11-21
• 6.19.0 - 2023-11-16
• 6.19.0-pre.0 - 2023-11-14
• 6.18.0 - 2023-10-31
• 6.18.0-pre.1 - 2023-10-30
• 6.18.0-pre.0 - 2023-10-26
• 6.17.0 - 2023-10-16
• 6.17.0-pre.2 - 2023-10-13
• 6.17.0-pre.1 - 2023-10-12
• 6.17.0-pre.0 - 2023-10-11
• 6.16.0 - 2023-09-13
• 6.16.0-pre.2 - 2023-09-06
• 6.16.0-pre.1 - 2023-09-05
• 6.16.0-pre.0 - 2023-08-28
• 6.15.0 - 2023-08-10
• 6.15.0-pre.0 - 2023-08-09
• 6.14.2 - 2023-07-17
• 6.14.2-pre.1 - 2023-07-17
• 6.14.2-pre.0 - 2023-07-11
• 6.14.1 - 2023-06-30
• 6.14.1-pre.1 - 2023-06-30
• 6.14.1-pre.0 - 2023-06-29
• 6.14.0 - 2023-06-23
• 6.14.0-pre.1 - 2023-06-21
• 6.14.0-pre.0 - 2023-06-21
• 6.13.0 - 2023-06-14
• 6.13.0-pre.1 - 2023-06-13
• 6.12.2-pre.0 - 2023-06-12
• 6.12.1 - 2023-06-08
• 6.12.1-pre.0 - 2023-06-08
• 6.12.0 - 2023-06-06
• 6.12.0-pre.1 - 2023-06-01
• 6.12.0-pre.0 - 2023-06-01
• 6.11.2 - 2023-05-17
• 6.11.2-pre.0 - 2023-05-16
• 6.11.1 - 2023-05-03
• 6.11.1-pre.0 - 2023-05-02
• 6.11.0 - 2023-04-28
• 6.11.0-pre.2 - 2023-04-27
• 6.11.0-pre.1 - 2023-04-26
• 6.11.0-pre.0 - 2023-04-26
• 6.10.0 - 2023-03-29
• 6.10.0-pre.2 - 2023-03-24
• 6.10.0-pre.1 - 2023-03-22
• 6.10.0-pre.0 - 2023-03-21
• 6.9.0 - 2023-03-10
• 6.9.0-pre.0 - 2023-03-08
• 6.8.2 - 2023-02-27
• 6.8.2-pre.3 - 2023-02-23
• 6.8.2-pre.2 - 2023-02-22
• 6.8.2-pre.1 - 2023-02-22
• 6.8.2-pre.0 - 2023-02-21
• 6.8.1 - 2023-02-06
• 6.8.1-pre.0 - 2023-02-02
• 6.8.0 - 2023-01-26
• 6.8.0-pre.1 - 2023-01-24
• 6.7.1-pre.0 - 2023-01-24
• 6.7.0 - 2023-01-18
• 6.7.0-pre.5 - 2023-01-18
• 6.7.0-pre.4 - 2023-01-17
• 6.7.0-pre.3 - 2023-01-13
• 6.7.0-pre.2 - 2023-01-13
• 6.7.0-pre.1 - 2023-01-11
• 6.6.3-pre.0 - 2023-01-11
• 6.6.2 - 2023-01-09
• 6.6.2-pre.0 - 2023-01-04
• 6.6.1 - 2022-12-23
• 6.6.1-pre.1 - 2022-12-22
• 6.6.1-pre.0 - 2022-12-22
• 6.6.0 - 2022-12-21
• 6.6.0-pre.0 - 2022-12-16
• 6.5.0 - 2022-12-16
• 6.5.0-pre.1 - 2022-12-14
• 6.5.0-pre.0 - 2022-12-13
• 6.4.5 - 2022-12-07
• 6.4.5-pre.2 - 2022-12-06
• 6.4.5-pre.1 - 2022-12-06
• 6.4.5-pre.0 - 2022-12-05
• 6.4.4 - 2022-11-30
• 6.4.4-pre.2 - 2022-11-29
• 6.4.4-pre.1 - 2022-11-28
• 6.4.4-pre.0 - 2022-11-23
• 6.4.3 - 2022-11-01
• 6.4.3-pre.2 - 2022-10-28
• 6.4.3-pre.1 - 2022-10-25
• 6.4.3-pre.0 - 2022-10-21
• 6.4.2 - 2022-10-05
• 6.4.2-pre.1 - 2022-10-04
• 6.4.2-pre.0 - 2022-09-30
• 6.4.1 - 2022-09-21
• 6.4.1-pre.0 - 2022-09-20
• 6.4.0 - 2022-09-13
• 6.4.0-pre.15 - 2022-09-08
• 6.4.0-pre.14 - 2022-08-31
• 6.4.0-pre.13 - 2022-08-18
• 6.4.0-pre.12 - 2022-08-10
• 6.4.0-pre.11 - 2022-08-02
• 6.4.0-pre.10 - 2022-07-22
• 6.4.0-pre.9 - 2022-07-14
• 6.4.0-pre.8 - 2022-06-22
• 6.4.0-pre.7 - 2022-06-10
• 6.4.0-pre.6 - 2022-06-09
• 6.4.0-pre.5 - 2022-06-08
• 6.4.0-pre.4 - 2022-06-08
• 6.4.0-pre.3 - 2022-06-06
• 6.4.0-pre.2 - 2022-05-23
• 6.4.0-pre.0 - 2022-05-23
• 6.3.0 - 2022-03-31
• 6.2.2 - 2022-02-28
• 6.2.2-pre.0 - 2022-02-28
• 6.2.1 - 2021-12-17
• 6.2.0 - 2021-12-17
• 6.1.1 - 2021-12-11
• 6.1.0 - 2021-12-10
• 6.0.2 - 2021-11-09
• 6.0.1 - 2021-11-05
• 6.0.0 - 2021-11-03
• 6.0.0-beta.8 - 2021-10-22
• 6.0.0-beta.7 - 2021-10-15
• 6.0.0-beta.6 - 2021-10-07
• 6.0.0-beta.5 - 2021-09-25
• 6.0.0-beta.4 - 2021-09-11
• 6.0.0-beta.3 - 2021-09-03
• 6.0.0-beta.2 - 2021-08-20
• 6.0.0-beta.1 - 2021-08-13
• 6.0.0-beta.0 - 2020-06-19
• 6.0.0-alpha.5 - 2020-05-15
• 6.0.0-alpha.4 - 2020-05-05
• 6.0.0-alpha.3 - 2020-04-04
• 6.0.0-alpha.2 - 2020-02-22
• 6.0.0-alpha.1 - 2020-02-01
• 6.0.0-alpha.0 - 2020-01-31
• 5.3.4 - 2022-10-02
• 5.3.3 - 2022-05-18

from react-router-dom GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade the react-router-dom dependency from 5.0.1 to 7.5.3

Bug Fixes:

• Resolve multiple security vulnerabilities by upgrading react-router-dom

Enhancements:

• Bump react-router-dom to version 7.5.3

[sourcery-ai]

Reviewer's Guide

This PR upgrades react-router-dom from v5 to v7 by bumping its version in the demo project’s package manifest to address numerous security vulnerabilities; review the version change and verify compatibility with any breaking API changes in routing.

Class diagram for react-router-dom dependency update

classDiagram
    direction LR
    class Old_ReactRouterDom {
        <<Dependency>>
        +name: "react-router-dom"
        +version: "5.3.3"
        +status: "Replaced"
        +vulnerabilities: "Multiple (e.g., ReDoS, XSS)"
        +apiSignature: "Legacy (v5 API)"
    }
    class New_ReactRouterDom {
        <<Dependency>>
        +name: "react-router-dom"
        +version: "7.5.3"
        +status: "Proposed Update"
        +fixes: "Multiple vulnerabilities"
        +apiSignature: "Modern (v7 API, potential breaking changes)"
    }
    note for Old_ReactRouterDom "Previous version in package.json"
    note for New_ReactRouterDom "New version proposed by Snyk PR"

Loading

Flow diagram for Snyk's automated dependency upgrade process

graph TD
    A["Snyk monitors 'demo' project dependencies"] --> B["Detects '[email protected]'"];
    B --> C{"Vulnerable or outdated?"};
    C -- "Yes" --> D["Identifies recommended upgrade: '[email protected]'"];
    D --> E["Generates Pull Request with 'package.json' modification"];
    E --> F["PR proposes change: react-router-dom '5.3.3' -> '7.5.3'"];
    F --> G["Developer Review: Check for breaking changes, test compatibility"];
    G --> H{"Approve & Merge PR?"};
    H -- "Yes" --> I["Dependency upgraded to v7.5.3 in 'demo' project"];
    H -- "No" --> J["Dependency remains v5.3.3, vulnerabilities persist"];
    C -- "No" --> K["No action for this dependency"];

Loading

File-Level Changes

Change	Details	Files
Dependency version bump for react-router-dom	Changed react-router-dom version from ^5.0.1 to ^7.5.3	demo/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.