UI5 / webcomponents-react / 20844945750
85%

DEFAULT BRANCH: main
Ran
Jobs 7
Files 231
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 84.927%. Remained the same
20844945750

push

github

web-flow 
chore(deps): update dependency react-router to v7.12.0 [security] (#8085)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [react-router](https://redirect.github.com/remix-run/react-router)
([source](https://redirect.github.com/remix-run/react-router/tree/HEAD/packages/react-router))
| [`7.11.0` →
`7.12.0`](https://renovatebot.com/diffs/npm/react-router/7.11.0/7.12.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/react-router/7.12.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/react-router/7.11.0/7.12.0?slim=true)
|

### GitHub Vulnerability Alerts

####
[CVE-2026-21884](https://redirect.github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7)

A XSS vulnerability exists in in React Router's `<ScrollRestoration>`
API in [Framework Mode](https://reactrouter.com/start/modes#framework)
when using the `getKey`/`storageKey` props during Server-Side Rendering
which could allow arbitrary JavaScript execution during SSR if untrusted
content is used to generate the keys.

> [!NOTE]
> This does not impact applications if developers have [disabled
server-side rendering](https://reactrouter.com/how-to/spa) in Framework
Mode, or if they are using [Declarative
Mode](https://reactrouter.com/start/modes#declarative)
(`<BrowserRouter>`) or [Data
Mode](https://reactrouter.com/start/modes#data)
(`createBrowserRouter`/`<RouterProvider>`).

####
[CVE-2026-22029](https://redirect.github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx)

React Router (and Remix v1/v2) SPA open navigation redirects originating
from loaders or actions in [Framework
Mode](https://reactrouter.com/start/modes#framework), [Data
Mode](https://reactrouter.com/start/modes#data), or the unstable RSC
modes can result in unsafe URLs causing unintended javascript executi... (continued)

3272 of 4178 branches covered (78.31%)

Branch coverage included in aggregate %.

5743 of 6437 relevant lines covered (89.22%)

120959.48 hits per line

Jobs
ID Job ID Ran Files Coverage
1 charts - 20844945750.1 215
21.36
 GitHub Action Run
2 cypress-commands - 20844945750.2 157
9.99
 GitHub Action Run
3 base - 20844945750.3 162
11.55
 GitHub Action Run
4 main/src/internal - 20844945750.4 157
10.14
 GitHub Action Run
5 main/src/webComponents - 20844945750.5 157
8.42
 GitHub Action Run
6 compat - 20844945750.6 168
13.34
 GitHub Action Run
7 main/src/components - 20844945750.7 157
85.97
 GitHub Action Run
Source Files on build 20844945750