chore(deps): bump react-router and react-router-dom in /humanlayer-wui#37
chore(deps): bump react-router and react-router-dom in /humanlayer-wui#37dependabot[bot] wants to merge 1 commit into
Security Analysis Passed
No security issues found
Details
Kusari Analysis Results:
✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.
Both dependency and code analyses independently recommend proceeding with no critical concerns identified. Key findings: (1) Dependency Analysis: The most significant change is the react-router/react-router-dom upgrade from 7.6.3 to 7.17.0, which resolves 10 known vulnerabilities including XSS, CSRF, open redirect, DoS, and RCE issues. The remaining changes add platform-specific native binary packages for existing dependencies (esbuild, rollup, tauri-apps CLI, sentry CLI, tailwindcss oxide, lightningcss) with no current advisories. All package licenses are permissive (MIT, Apache-2.0, BSD-3-Clause) or weak copyleft (MPL-2.0 for build tools only). No blocked, deprecated, or end-of-life packages detected. (2) Code Analysis: Zero code issues, zero secrets, and zero workflow issues found in the modified package.json and package-lock.json files. Combined risk assessment: This PR is a net security improvement. Merging actively reduces the attack surface by eliminating 10 vulnerabilities in react-router with no new risks introduced.
Note
View full detailed analysis result for more information on the output and the checks that were run.
@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 681c50f, performed at: 2026-06-04T20:42:52Z