Bump the router group in /frontend-react with 2 updates

[dependabot]

Bumps the router group in /frontend-react with 2 updates: react-router and react-router-dom.

Updates react-router from 6.28.0 to 7.0.2

Release notes

Sourced from react-router's releases.

v7.0.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v702

v7.0.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v701

v7.0.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v700

Changelog

Sourced from react-router's changelog.

7.0.2

Patch Changes

• temporarily only use one build in export map so packages can have a peer dependency on react router (#12437)

• Generate wide matches and params types for current route and child routes (#12397)

  At runtime, matches includes child route matches and params include child route path parameters. But previously, we only generated types for parent routes in matches; for params, we only considered the parent routes and the current route. To align our generated types more closely to the runtime behavior, we now generate more permissive, wider types when accessing child route information.

7.0.1

7.0.0

Major Changes

• Remove the original defer implementation in favor of using raw promises via single fetch and turbo-stream. This removes these exports from React Router: (#11744)

  • defer
  • AbortedDeferredError
  • type TypedDeferredData
  • UNSAFE_DeferredData
  • UNSAFE_DEFERRED_SYMBOL,
• • Collapse @remix-run/router into react-router (#11505)
  • Collapse react-router-dom into react-router
  • Collapse @remix-run/server-runtime into react-router
  • Collapse @remix-run/testing into react-router

• Remove single_fetch future flag. (#11522)

• Drop support for Node 16, React Router SSR now requires Node 18 or higher (#11391)

• Remove future.v7_startTransition flag (#11696)

• • Expose the underlying router promises from the following APIs for compsition in React 19 APIs: (#11521)
    • useNavigate()
    • useSubmit
    • useFetcher().load
    • useFetcher().submit
    • useRevalidator.revalidate

• Remove future.v7_normalizeFormMethod future flag (#11697)

• For Remix consumers migrating to React Router, the crypto global from the Web Crypto API is now required when using cookie and session APIs. This means that the following APIs are provided from react-router rather than platform-specific packages: (#11837)

  • createCookie
  • createCookieSessionStorage
  • createMemorySessionStorage

... (truncated)

Commits

• a51b35d chore: Update version for release (#12444)
• 05d7667 release: typegen fixes (#12443)
• 1007cc7 chore: Update version for release (pre) (#12442)
• 180a120 typegen: matches and params for child routes (#12397)
• 5ce8667 temporarily only use one build in export map (#12437)
• aed1b45 moved createRoutesFromElements for API docs (#12341)
• 47953dd chore: format
• 202825c chore: Update version for release (#12347)
• d7dc44a Merge branch 'release-next' into dev
• e8e3b00 chore: Update version for release (#12344)
• Additional commits viewable in compare view

Updates react-router-dom from 6.28.0 to 7.0.2

Release notes

Sourced from react-router-dom's releases.

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• Updated dependencies
  • [email protected]
  • [email protected]

[email protected]

Patch Changes

• 44bce3c6: Fix react-router-dom peer dependency version
  • [email protected]
  • [email protected]

[email protected]

... (truncated)

Changelog

Sourced from react-router-dom's changelog.

7.0.2

Patch Changes

• Updated dependencies:
  • [email protected]

7.0.1

Patch Changes

• Updated dependencies:
  • [email protected]

7.0.0

Major Changes

• Remove the original defer implementation in favor of using raw promises via single fetch and turbo-stream. This removes these exports from React Router: (#11744)

  • defer
  • AbortedDeferredError
  • type TypedDeferredData
  • UNSAFE_DeferredData
  • UNSAFE_DEFERRED_SYMBOL,

• Use createRemixRouter/RouterProvider in entry.client instead of RemixBrowser (#11469)

• Remove single_fetch future flag. (#11522)

• Remove future.v7_startTransition flag (#11696)

• Remove future.v7_normalizeFormMethod future flag (#11697)

• Allow returning undefined from actions and loaders (#11680)

• update minimum node version to 18 (#11690)

• Remove future.v7_prependBasename from the ionternalized @remix-run/router package (#11726)

• Remove future.v7_throwAbortReason from internalized @remix-run/router package (#11728)

• Add exports field to all packages (#11675)

• node package no longer re-exports from react-router (#11702)

• updates the minimum React version to 18 (#11689)

• • Remove the future.v7_partialHydration flag (#11725)
    • This also removes the <RouterProvider fallbackElement> prop

... (truncated)

Commits

• a51b35d chore: Update version for release (#12444)
• 1007cc7 chore: Update version for release (pre) (#12442)
• 47953dd chore: format
• 202825c chore: Update version for release (#12347)
• fd6c297 chore: format
• d7dc44a Merge branch 'release-next' into dev
• e8e3b00 chore: Update version for release (#12344)
• 1499f3e chore: Update version for release (pre) (#12315)
• c8fd138 docs: adjusted READMEs for the api docs generator
• 995bcbb chore: Update version for release (pre) (#12235)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/react-router	~7.0.2	🟢 3.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/react-router-dom	~7.0.2	🟢 3.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/react-router	7.0.2	🟢 3.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/react-router-dom	7.0.2	🟢 3.7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 3 Found 9/30 approved changesets -- score normalized to 3 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 30 existing vulnerabilities detected
npm/set-cookie-parser	2.7.1	🟢 3.9	Details Check Score Reason Code-Review ⚠️ 0 Found 2/21 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 5 5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
npm/turbo-stream	2.4.0	Unknown	Unknown

Scanned Manifest Files

frontend-react/package.json

• react-router@~7.0.2
• react-router-dom@~7.0.2
• react-router@~6.28.0
• react-router-dom@~6.28.0

frontend-react/yarn.lock

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• @remix-run/[email protected]
• [email protected]
• [email protected]

[jpandersen87]

@dependabot rebase