fix(security): upgrade Remix packages 2.1.0 → 2.17.4 #3371
devin-ai-integration[bot] wants to merge 1 commit into main from
Upgraded packages:
- @remix-run/express: 2.1.0 → 2.17.4
- @remix-run/node: 2.1.0 → 2.17.4
- @remix-run/react: 2.1.0 → 2.17.4
- @remix-run/router: 1.15.3 → 1.23.2
- @remix-run/serve: 2.1.0 → 2.17.4
- @remix-run/server-runtime: 2.1.0 → 2.17.4
- @remix-run/dev: 2.1.0 → 2.17.4
- @remix-run/eslint-config: 2.1.0 → 2.17.4
- @remix-run/testing: 2.1.0 → 2.17.4

Also updated tar-fs override for new @remix-run/dev version.

Co-Authored-By: Eric Allam <eallam@icloud.com>
Thanks for your contribution! We require all external PRs to be opened in draft status first so you can address CodeRabbit review comments and ensure CI passes before requesting a review. Please re-open this PR as a draft. See CONTRIBUTING.md for details.
| "@remix-run/express": "2.17.4", | ||
| "@remix-run/node": "2.17.4", | ||
| "@remix-run/react": "2.17.4", | ||
| "@remix-run/router": "^1.23.2", | ||
| "@remix-run/serve": "2.17.4", | ||
| "@remix-run/server-runtime": "2.17.4", |
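Review bot: the @remix-run/router entry in this hunk takes a caret range (^1.23.2) while the five @remix-run packages around it are pinned to the exact version 2.17.4. For a security upgrade, a range leaves the resolved router version to whatever the lockfile or a later install selects, so either pin it exactly as the neighbouring entries are, or state in the description that the range is intentional and which version pnpm-lock.yaml resolves it to.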
🚩 Documentation references to 'Remix 2.1.0' are now stale
Multiple guidance files reference 'Remix 2.1.0' which is now incorrect after this PR:
- CLAUDE.md:100 states "apps/webapp: Remix 2.1.0 app"
- apps/webapp/CLAUDE.md:1 states "Remix 2.1.0 app serving as the main API..."
- .cursor/rules/webapp.mdc states "is a Remix 2.1.0 app that uses an express server"
These are AI agent guidance files. After this PR merges, agents will be given outdated version information, which could lead them to reference wrong API behaviors or compatibility constraints. Consider updating these references to 2.17.4.
Summary
Upgrades all @remix-run/* packages in apps/webapp from 2.1.0 → 2.17.4 to address security vulnerabilities. This is a recreation of #2951 on a fresh checkout of main.

Updated packages:
- @remix-run/express, @remix-run/node, @remix-run/react, @remix-run/serve, @remix-run/server-runtime: 2.1.0 → 2.17.4
- @remix-run/router: ^1.15.3 → ^1.23.2
- @remix-run/dev, @remix-run/eslint-config, @remix-run/testing: 2.1.0 → 2.17.4

Also updated in root package.json overrides:
- @remix-run/dev@2.17.4>tar-fs: 2.1.3 → 2.1.4
- testcontainers@10.28.0>tar-fs: 3.0.9 → 3.1.1

No application code changes — only package.json files and the regenerated pnpm-lock.yaml.

Review & Testing Checklist for Human
- pnpm turbo build --filter webapp and confirm no build errors from the Remix upgrade
- remix-auth-email-link and remix-auth-github declare peer deps on @remix-run/server-runtime@^1.x, which is now 2.17.4. Confirm login/auth still works end-to-end
- tar-fs@2.1.4 and tar-fs@3.1.1 resolve the targeted security advisories

Recommended test plan: deploy to a staging environment and exercise the core webapp flows (login, dashboard navigation, task creation/viewing) to catch any runtime regressions from the Remix upgrade.
Notes
- remix-auth-email-link and remix-auth-github (expecting @remix-run/server-runtime@^1.x) were present in the original PR as well and appear to be pre-existing

Link to Devin session: https://app.devin.ai/sessions/d9fa9953b9bf40e5a8d12b8f5ba5b86b
Requested by: @ericallam