[Snyk] Security upgrade react-router-dom from 5.1.2 to 6.30.2

[thebeanogamer]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• package.json
• pnpm-lock.yaml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Open Redirect SNYK-JS-REACTROUTER-14908286	641

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect

[cloudflare-workers-and-pages]

Deploying shell-lab with    Cloudflare Pages

Latest commit:	cb07944
Status:	🚫  Build failed.

View logs

[Copilot]

Pull request overview

This PR upgrades the react-router-dom dependency from version 5.1.2 to 6.30.3 to address a high-severity Open Redirect vulnerability (SNYK-JS-REACTROUTER-14908286). This is a major version upgrade that introduces significant breaking changes to the routing API.

Changes:

• Updated react-router-dom from ^5.1.2 to ^6.30.2 in package.json
• Updated pnpm-lock.yaml to reflect the new dependency tree with version 6.30.3

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File	Description
package.json	Updates react-router-dom version constraint to ^6.30.2
pnpm-lock.yaml	Updates dependency resolution to react-router-dom 6.30.3 and adds new transitive dependencies including @remix-run/router

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The version in package.json specifies ^6.30.2 but the pnpm-lock.yaml has resolved to 6.30.3. While this is typically acceptable with semver ranges, for security-critical upgrades it's better to have exact alignment. Consider updating package.json to ^6.30.3 to match the locked version.

Suggested change

	"react-router-dom": "^6.30.2",
	"react-simple-code-editor": "^0.11.0",
	"react-vis-network": "^1.0.0",
	"react-router-dom": "^6.30.3",
	"react-simple-code-editor": "^0.11.0",
	"react-vis-network": "^1.0.0",

[Copilot]

This PR upgrades react-router-dom from version 5.1.2 to 6.30.3, which is a major version upgrade with significant breaking changes. However, no corresponding code changes are included to handle these breaking changes. The codebase extensively uses React Router v5 APIs that have been removed or changed in v6:

1. Switch component has been replaced with Routes and has a different API
2. Route component props have changed (no more 'component' prop, children rendering is different)
3. Redirect component has been replaced with Navigate component
4. The 'exact' prop is no longer needed on Routes

This upgrade will break the application at runtime. The PR needs to include migration code for all affected files including:

• src/controllers/App.js
• src/controllers/Routes.js
• src/pages/Campaign.js
• src/pages/ChallengePage.js
• src/pages/Lists.js
• src/pages/TeamPage.js
• src/plugins/base/auth/components/EmailVerif.js
• src/plugins/base/auth/components/PasswordReset.js
• src/plugins/base/auth/components/Teams.js
• src/plugins/base/auth/components/Welcome.js
• src/plugins/cms.js

Before merging, all imports and usages of Switch, Route, and Redirect need to be updated to the v6 API.

Suggested change

	"react-router-dom": "^6.30.2",
	"react-router-dom": "^5.1.2",