Skip to content

fix(web-extension): bump react-router-dom and nanoid#282

Merged
chargome merged 1 commit intosentry-v2from
cg/bump-web-extension-deps
Apr 16, 2026
Merged

fix(web-extension): bump react-router-dom and nanoid#282
chargome merged 1 commit intosentry-v2from
cg/bump-web-extension-deps

Conversation

@chargome
Copy link
Copy Markdown
Member

@chargome chargome commented Apr 16, 2026
edited
Loading

Summary

  • Bumps react-router-dom from ^6.4.1 to ^6.30.2 in packages/web-extension
  • Bumps nanoid from ^4.0.0 to ^5.0.9 in packages/web-extension

Breaking changes in nanoid v5

  • Node.js >=18 required — we use Node 20, not affected
  • Removed async API (Web Crypto is sync-only now) — we only use sync nanoid(), not affected
  • Named export required (import { nanoid }) — we already use named import, not affected
  • Removed CommonJS support — web-extension is ESM ("type": "module"), not affected

Breaking changes in react-router-dom 6.4 -> 6.30

  • No breaking changes within the 6.x line. All APIs we use (Routes, Route, useParams, useNavigate, createHashRouter, RouterProvider) are stable

Dependabot alerts resolved

  • Alert #168 (medium) — react-router unvalidated redirect
  • Alert #167 (high) — @remix-run/router XSS via open redirects
  • Alert #105 (medium) — nanoid predictable generation
  • Alert #104 (medium) — nanoid predictable generation

🤖 Generated with Claude Code

@chargome @claude
fix(web-extension): bump react-router-dom and nanoid
9514f9e 
- react-router-dom ^6.4.1 -> ^6.30.2
  Resolves dependabot alerts for react-router (unvalidated redirect)
  and @remix-run/router (XSS via open redirects).

- nanoid ^4.0.0 -> ^5.0.9
  Resolves dependabot alert for predictable nanoid generation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@chargome chargome requested a review from andreiborza April 16, 2026 11:12
@chargome chargome self-assigned this Apr 16, 2026
@chargome chargome merged commit bea9159 into sentry-v2 Apr 16, 2026
21 checks passed
@chargome chargome deleted the cg/bump-web-extension-deps branch April 16, 2026 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andreiborza andreiborza andreiborza approved these changes

Assignees

@chargome chargome

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chargome @andreiborza