JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

chore(deps): bump react-router-dom from 6.20.1 to 7.0.0 in /demos/jans-tarp #10242

Closed dependabot[bot] closed 13 hours ago

dependabot[bot] commented 3 days ago

Bumps react-router-dom from 6.20.1 to 7.0.0.

Release notes

Sourced from react-router-dom's releases.

react-router-dom-v5-compat@6.4.0-pre.15

Patch Changes

  • Updated dependencies
    • react-router@6.4.0-pre.15
    • react-router-dom@6.4.0-pre.15

react-router-dom-v5-compat@6.4.0-pre.11

Patch Changes

  • Updated dependencies
    • react-router@6.4.0-pre.11
    • react-router-dom@6.4.0-pre.11

react-router-dom-v5-compat@6.4.0-pre.10

Patch Changes

  • Updated dependencies
    • react-router@6.4.0-pre.10
    • react-router-dom@6.4.0-pre.10

react-router-dom-v5-compat@6.4.0-pre.9

Patch Changes

  • Updated dependencies
    • react-router@6.4.0-pre.9
    • react-router-dom@6.4.0-pre.9

react-router-dom-v5-compat@6.4.0-pre.8

Patch Changes

  • Updated dependencies
    • react-router@6.4.0-pre.8
    • react-router-dom@6.4.0-pre.8

react-router-dom-v5-compat@6.4.0-pre.7

Patch Changes

  • Updated dependencies
    • react-router@6.4.0-pre.7
    • react-router-dom@6.4.0-pre.7

react-router-dom-v5-compat@6.4.0-pre.6

Patch Changes

  • 44bce3c6: Fix react-router-dom peer dependency version
    • react-router@6.4.0-pre.6
    • react-router-dom@6.4.0-pre.6

react-router-dom-v5-compat@6.4.0-pre.5

... (truncated)

Changelog

Sourced from react-router-dom's changelog.

7.0.0

Major Changes

  • Remove the original defer implementation in favor of using raw promises via single fetch and turbo-stream. This removes these exports from React Router: (#11744)

    • defer
    • AbortedDeferredError
    • type TypedDeferredData
    • UNSAFE_DeferredData
    • UNSAFE_DEFERRED_SYMBOL
  • Use createRemixRouter/RouterProvider in entry.client instead of RemixBrowser (#11469)

  • Remove single_fetch future flag. (#11522)

  • Remove future.v7_startTransition flag (#11696)

  • Remove future.v7_normalizeFormMethod future flag (#11697)

  • Allow returning undefined from actions and loaders (#11680)

  • update minimum node version to 18 (#11690)

  • Remove future.v7_prependBasename from the internalized @remix-run/router package (#11726)

  • Remove future.v7_throwAbortReason from internalized @remix-run/router package (#11728)

  • Add exports field to all packages (#11675)

  • node package no longer re-exports from react-router (#11702)

  • updates the minimum React version to 18 (#11689)

  • Remove the future.v7_partialHydration flag (#11725)
    • This also removes the <RouterProvider fallbackElement> prop
      • To migrate, move the fallbackElement to a hydrateFallbackElement/HydrateFallback on your root route
    • Also worth noting there is a related breaking change with this future flag:
      • Without future.v7_partialHydration (when using fallbackElement), state.navigation was populated during the initial load
      • With future.v7_partialHydration, state.navigation remains in an "idle" state during the initial load

  • Remove future.v7_fetcherPersist flag (#11731)

Minor Changes

  • Add prefetching support to Link/NavLink when using Remix SSR (#11402)
  • Enhance ScrollRestoration so it can restore properly on an SSR'd document load (#11401)
  • Add built-in Remix-style hydration support to RouterProvider. When running from a Remix-SSR'd HTML payload with the proper window variables (__remixContext, __remixManifest, __remixRouteModules), you don't need to pass a router prop and RouterProvider will create the router for you internally. (#11396) (#11400)

Patch Changes

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dryrunsecurity[bot] commented 3 days ago

DryRun Security Summary

The pull request updates the react-router-dom dependency from version 6.20 to 7.0, which is a major version update, and it is important to thoroughly test the application after the update to ensure that no regressions or vulnerabilities have been introduced, particularly with the use of the qs library for parsing and stringifying query strings.

**Summary:** The code change in this pull request updates the version of the `react-router-dom` dependency from `6.20` to `7.0`, which is a major version update. While updating dependencies to newer versions is generally a good practice, as it may include security fixes and improvements, it is important to thoroughly test the application after the update to ensure that no regressions or vulnerabilities have been introduced. One potential security concern to consider is the use of the `qs` library, which is used for parsing and stringifying query strings. Older versions of this library may have been vulnerable to security issues such as Prototype Pollution, which could potentially lead to server-side request forgery (SSRF) or other types of attacks. It is recommended to review the changelog and release notes for the `qs` library to ensure that the version being used is not affected by known security vulnerabilities.

**Files Changed:**

  • `demos/jans-tarp/package.json`: The changes in this file update the version of the `react-router-dom` dependency from `6.20` to `7.0`. This is a major version update, which could potentially introduce breaking changes in the application's routing functionality. It is important to thoroughly test the application after the update to ensure that no regressions or vulnerabilities have been introduced.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

:green_circle: Risk threshold not exceeded.

View PR in the DryRun Dashboard.

dependabot[bot] commented 13 hours ago

Superseded by #10260.