Skip to content

chore(dev): update valibot #14608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 28, 2025
Merged

chore(dev): update valibot #14608

merged 3 commits into from
Nov 28, 2025
+12 −6

Conversation

@harucn
Copy link
Contributor

@harucn harucn commented Nov 27, 2025
edited
Loading

Update valibot to address a high severity vulnerability described in GHSA-vqpr-j7v3-hqw9.

(This is my first contribution to OSS. Let me know if I've done anything wrong. Feel free to close if this violates any policies.)

@changeset-bot
Copy link

changeset-bot bot commented Nov 27, 2025
edited
Loading

🦋 Changeset detected

Latest commit: 7f33360

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages
Name Type
@react-router/dev Patch
@react-router/fs-routes Patch
@react-router/remix-routes-option-adapter Patch
create-react-router Patch
react-router Patch
react-router-dom Patch
@react-router/architect Patch
@react-router/cloudflare Patch
@react-router/express Patch
@react-router/node Patch
@react-router/serve Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@remix-cla-bot
Copy link
Contributor

remix-cla-bot bot commented Nov 27, 2025

Hi @harucn,

Welcome, and thank you for contributing to React Router!

Before we consider your pull request, we ask that you sign our Contributor License Agreement (CLA). We require this only once.

You may review the CLA and sign it by adding your name to contributors.yml.

Once the CLA is signed, the CLA Signed label will be added to the pull request.

If you have already signed the CLA and received this response in error, or if you have any questions, please contact us at hello@remix.run.

Thanks!

- The Remix team

@remix-cla-bot
Copy link
Contributor

remix-cla-bot bot commented Nov 27, 2025

Thank you for signing the Contributor License Agreement. Let's get this merged! 🥳

@MichaelDeBoey MichaelDeBoey changed the title Update valibot dependency to ^1.2.0 chore(dev): update valibot Nov 27, 2025
@MichaelDeBoey MichaelDeBoey added dependencies Pull requests that update a dependency file pkg:@react-router/dev labels Nov 27, 2025
@codler
Copy link

codler commented Nov 27, 2025

Can we upgrade @npmcli/package-json also? That would solve GHSA-5j98-mcp5-4vw2

@MichaelDeBoey
Copy link
Member

MichaelDeBoey commented Nov 27, 2025

@codler That's already removed as of #14558

@timdorr
Copy link
Member

timdorr commented Nov 27, 2025

Can you add a changeset? Instructions are in the comment above.

@harucn
Copy link
Contributor Author

harucn commented Nov 28, 2025
edited
Loading

Thanks @timdorr! Added it in 7f33360

@timdorr timdorr merged commit c2cb601 into remix-run:dev Nov 28, 2025
8 checks passed
@harucn harucn deleted the update-valibot branch November 28, 2025 05:28
@brophdawg11 brophdawg11 mentioned this pull request Dec 3, 2025
Closed
brophdawg11 pushed a commit that referenced this pull request Dec 3, 2025
@harucn @brophdawg11
chore(dev): update valibot (#14608)
ef67e10 
* Update valibot dependency to ^1.2.0

* Add harucn to contributors.yml

* Add changeset
@brophdawg11
Copy link
Contributor

brophdawg11 commented Dec 3, 2025

This is released in 7.10.1-pre.0 - should have a stable release out tomorrow morning

@brophdawg11
Copy link
Contributor

brophdawg11 commented Dec 4, 2025

Released in 7.10.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timdorr timdorr timdorr approved these changes

@MichaelDeBoey MichaelDeBoey MichaelDeBoey approved these changes

@brophdawg11 brophdawg11 Awaiting requested review from brophdawg11

Assignees

No one assigned

Labels

CLA Signed dependencies Pull requests that update a dependency file pkg:@react-router/dev

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@harucn @codler @MichaelDeBoey @timdorr @brophdawg11