chore(react-router): Update dependency react-router to v7.5.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
react-router (source)	7.1.5 -> 7.5.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

remix-run/react-router (react-router)

v7.5.0

Compare Source

Minor Changes

• Add granular object-based API for route.lazy to support lazy loading of individual route properties, for example: (#​13294)

  createBrowserRouter([
    {
      path: "/show/:showId",
      lazy: {
        loader: async () => (await import("./show.loader.js")).loader,
        action: async () => (await import("./show.action.js")).action,
        Component: async () => (await import("./show.component.js")).Component,
      },
    },
  ]);

  Breaking change for route.unstable_lazyMiddleware consumers

  The route.unstable_lazyMiddleware property is no longer supported. If you want to lazily load middleware, you must use the new object-based route.lazy API with route.lazy.unstable_middleware, for example:

  createBrowserRouter([
    {
      path: "/show/:showId",
      lazy: {
        unstable_middleware: async () =>
          (await import("./show.middleware.js")).middleware,
        // etc.
      },
    },
  ]);

Patch Changes

• Introduce unstable_subResourceIntegrity future flag that enables generation of an importmap with integrity for the scripts that will be loaded by the browser. (#​13163)

v7.4.1

Compare Source

Patch Changes

• Fix types on unstable_MiddlewareFunction to avoid type errors when a middleware doesn't return a value (#​13311)

• Dedupe calls to route.lazy functions (#​13260)

• Add support for route.unstable_lazyMiddleware function to allow lazy loading of middleware logic. (#​13210)

  Breaking change for unstable_middleware consumers

  The route.unstable_middleware property is no longer supported in the return value from route.lazy. If you want to lazily load middleware, you must use route.unstable_lazyMiddleware.

v7.4.0

Compare Source

Patch Changes

• Fix root loader data on initial load redirects in SPA mode (#​13222)
• Load ancestor pathless/index routes in lazy route discovery for upwards non-eager-discoery routing (#​13203)
• Fix shouldRevalidate behavior for clientLoader-only routes in ssr:true apps (#​13221)
• UNSTABLE: Fix RequestHandler loadContext parameter type when middleware is enabled (#​13204)
• UNSTABLE: Update Route.unstable_MiddlewareFunction to have a return value of Response | undefined instead of Response | void becaue you should not return anything if you aren't returning the Response (#​13199)
• UNSTABLE(BREAKING): If a middleware throws an error, ensure we only bubble the error itself via next() and are no longer leaking the MiddlewareError implementation detail (#​13180)

v7.3.0

Compare Source

Minor Changes

• Add fetcherKey as a parameter to patchRoutesOnNavigation (#​13061)

  • In framework mode, Lazy Route Discovery will now detect manifest version mismatches after a new deploy
  • On navigations to undiscovered routes, this mismatch will trigger a document reload of the destination path
  • On fetcher calls to undiscovered routes, this mismatch will trigger a document reload of the current path

Patch Changes

• Skip resource route flow in dev server in SPA mode (#​13113)

• Support middleware on routes (unstable) (#​12941)

  Middleware is implemented behind a future.unstable_middleware flag. To enable, you must enable the flag and the types in your react-router-config.ts file:

  import type { Config } from "@​react-router/dev/config";
  import type { Future } from "react-router";
  
  declare module "react-router" {
    interface Future {
      unstable_middleware: true; // 👈 Enable middleware types
    }
  }
  
  export default {
    future: {
      unstable_middleware: true, // 👈 Enable middleware
    },
  } satisfies Config;

  ⚠️ Middleware is unstable and should not be adopted in production. There is at least one known de-optimization in route module loading for clientMiddleware that we will be addressing this before a stable release.

  ⚠️ Enabling middleware contains a breaking change to the context parameter passed to your loader/action functions - see below for more information.

  Once enabled, routes can define an array of middleware functions that will run sequentially before route handlers run. These functions accept the same parameters as loader/action plus an additional next parameter to run the remaining data pipeline. This allows middlewares to perform logic before and after handlers execute.

  // Framework mode
  export const unstable_middleware = [serverLogger, serverAuth]; // server
  export const unstable_clientMiddleware = [clientLogger]; // client
  
  // Library mode
  const routes = [
    {
      path: "/",
      // Middlewares are client-side for library mode SPA's
      unstable_middleware: [clientLogger, clientAuth],
      loader: rootLoader,
      Component: Root,
    },
  ];

  Here's a simple example of a client-side logging middleware that can be placed on the root route:

  const clientLogger: Route.unstable_ClientMiddlewareFunction = async (
    { request },
    next
  ) => {
    let start = performance.now();
  
    // Run the remaining middlewares and all route loaders
    await next();
  
    let duration = performance.now() - start;
    console.log(`Navigated to ${request.url} (${duration}ms)`);
  };

  Note that in the above example, the next/middleware functions don't return anything. This is by design as on the client there is no "response" to send over the network like there would be for middlewares running on the server. The data is all handled behind the scenes by the stateful router.

  For a server-side middleware, the next function will return the HTTP Response that React Router will be sending across the wire, thus giving you a chance to make changes as needed. You may throw a new response to short circuit and respond immediately, or you may return a new or altered response to override the default returned by next().

  const serverLogger: Route.unstable_MiddlewareFunction = async (
    { request, params, context },
    next
  ) => {
    let start = performance.now();
  
    // 👇 Grab the response here
    let res = await next();
  
    let duration = performance.now() - start;
    console.log(`Navigated to ${request.url} (${duration}ms)`);
  
    // 👇 And return it here (optional if you don't modify the response)
    return res;
  };

  You can throw a redirect from a middleware to short circuit any remaining processing:

  import { sessionContext } from "../context";
  const serverAuth: Route.unstable_MiddlewareFunction = (
    { request, params, context },
    next
  ) => {
    let session = context.get(sessionContext);
    let user = session.get("user");
    if (!user) {
      session.set("returnTo", request.url);
      throw redirect("/login", 302);
    }
  };

  Note that in cases like this where you don't need to do any post-processing you don't need to call the next function or return a Response.

  Here's another example of using a server middleware to detect 404s and check the CMS for a redirect:

  const redirects: Route.unstable_MiddlewareFunction = async ({
    request,
    next,
  }) => {
    // attempt to handle the request
    let res = await next();
  
    // if it's a 404, check the CMS for a redirect, do it last
    // because it's expensive
    if (res.status === 404) {
      let cmsRedirect = await checkCMSRedirects(request.url);
      if (cmsRedirect) {
        throw redirect(cmsRedirect, 302);
      }
    }
  
    return res;
  };

  context parameter

  When middleware is enabled, your application will use a different type of context parameter in your loaders and actions to provide better type safety. Instead of AppLoadContext, context will now be an instance of ContextProvider that you can use with type-safe contexts (similar to React.createContext):

  import { unstable_createContext } from "react-router";
  import { Route } from "./+types/root";
  import type { Session } from "./sessions.server";
  import { getSession } from "./sessions.server";
  
  let sessionContext = unstable_createContext<Session>();
  
  const sessionMiddleware: Route.unstable_MiddlewareFunction = ({
    context,
    request,
  }) => {
    let session = await getSession(request);
    context.set(sessionContext, session);
    //                          ^ must be of type Session
  };
  
  // ... then in some downstream middleware
  const loggerMiddleware: Route.unstable_MiddlewareFunction = ({
    context,
    request,
  }) => {
    let session = context.get(sessionContext);
    //  ^ typeof Session
    console.log(session.get("userId"), request.method, request.url);
  };
  
  // ... or some downstream loader
  export function loader({ context }: Route.LoaderArgs) {
    let session = context.get(sessionContext);
    let profile = await getProfile(session.get("userId"));
    return { profile };
  }

  If you are using a custom server with a getLoadContext function, the return value for initial context values passed from the server adapter layer is no longer an object and should now return an unstable_InitialContext (Map<RouterContext, unknown>):

  let adapterContext = unstable_createContext<MyAdapterContext>();
  
  function getLoadContext(req, res): unstable_InitialContext {
    let map = new Map();
    map.set(adapterContext, getAdapterContext(req));
    return map;
  }

• Fix types for loaderData and actionData that contained Records (#​13139)

  UNSTABLE(BREAKING):

  unstable_SerializesTo added a way to register custom serialization types in Single Fetch for other library and framework authors like Apollo.
  It was implemented with branded type whose branded property that was made optional so that casting arbitrary values was easy:

  // without the brand being marked as optional
  let x1 = 42 as unknown as unstable_SerializesTo<number>;
  //          ^^^^^^^^^^
  
  // with the brand being marked as optional
  let x2 = 42 as unstable_SerializesTo<number>;

  However, this broke type inference in loaderData and actionData for any Record types as those would now (incorrectly) match unstable_SerializesTo.
  This affected all users, not just those that depended on unstable_SerializesTo.
  To fix this, the branded property of unstable_SerializesTo is marked as required instead of optional.

  For library and framework authors using unstable_SerializesTo, you may need to add as unknown casts before casting to unstable_SerializesTo.

• [REMOVE] Remove middleware depth logic and always call middlware for all matches (#​13172)

• Fix single fetch _root.data requests when a basename is used (#​12898)

• Add context support to client side data routers (unstable) (#​12941)

  Your application loader and action functions on the client will now receive a context parameter. This is an instance of unstable_RouterContextProvider that you use with type-safe contexts (similar to React.createContext) and is most useful with the corresponding middleware/clientMiddleware API's:

  import { unstable_createContext } from "react-router";
  
  type User = {
    /*...*/
  };
  
  let userContext = unstable_createContext<User>();
  
  function sessionMiddleware({ context }) {
    let user = await getUser();
    context.set(userContext, user);
  }
  
  // ... then in some downstream loader
  function loader({ context }) {
    let user = context.get(userContext);
    let profile = await getProfile(user.id);
    return { profile };
  }

  Similar to server-side requests, a fresh context will be created per navigation (or fetcher call). If you have initial data you'd like to populate in the context for every request, you can provide an unstable_getContext function at the root of your app:

  • Library mode - createBrowserRouter(routes, { unstable_getContext })
  • Framework mode - <HydratedRouter unstable_getContext>

  This function should return an value of type unstable_InitialContext which is a Map<unstable_RouterContext, unknown> of context's and initial values:

  const loggerContext = unstable_createContext<(...args: unknown[]) => void>();
  
  function logger(...args: unknown[]) {
    console.log(new Date.toISOString(), ...args);
  }
  
  function unstable_getContext() {
    let map = new Map();
    map.set(loggerContext, logger);
    return map;
  }

v7.2.0

Compare Source

Minor Changes

• New type-safe href utility that guarantees links point to actual paths in your app (#​13012)

  import { href } from "react-router";
  
  export default function Component() {
    const link = href("/blog/:slug", { slug: "my-first-post" });
    return (
      <main>
        <Link to={href("/products/:id", { id: "asdf" })} />
        <NavLink to={href("/:lang?/about", { lang: "en" })} />
      </main>
    );
  }

Patch Changes

• Fix typegen for repeated params (#​13012)

  In React Router, path parameters are keyed by their name.
  So for a path pattern like /a/:id/b/:id?/c/:id, the last :id will set the value for id in useParams and the params prop.
  For example, /a/1/b/2/c/3 will result in the value { id: 3 } at runtime.

  Previously, generated types for params incorrectly modeled repeated params with an array.
  So /a/1/b/2/c/3 generated a type like { id: [1,2,3] }.

  To be consistent with runtime behavior, the generated types now correctly model the "last one wins" semantics of path parameters.
  So /a/1/b/2/c/3 now generates a type like { id: 3 }.

• Don't apply Single Fetch revalidation de-optimization when in SPA mode since there is no server HTTP request (#​12948)

• Properly handle revalidations to across a prerender/SPA boundary (#​13021)

  • In "hybrid" applications where some routes are pre-rendered and some are served from a SPA fallback, we need to avoid making .data requests if the path wasn't pre-rendered because the request will 404
  • We don't know all the pre-rendered paths client-side, however:
    • All loader data in ssr:false mode is static because it's generated at build time
    • A route must use a clientLoader to do anything dynamic
    • Therefore, if a route only has a loader and not a clientLoader, we disable revalidation by default because there is no new data to retrieve
    • We short circuit and skip single fetch .data request logic if there are no server loaders with shouldLoad=true in our single fetch dataStrategy
    • This ensures that the route doesn't cause a .data request that would 404 after a submission

• Error at build time in ssr:false + prerender apps for the edge case scenario of: (#​13021)

  • A parent route has only a loader (does not have a clientLoader)
  • The parent route is pre-rendered
  • The parent route has children routes which are not prerendered
  • This means that when the child paths are loaded via the SPA fallback, the parent won't have any loaderData because there is no server on which to run the loader
  • This can be resolved by either adding a parent clientLoader or pre-rendering the child paths
  • If you add a clientLoader, calling the serverLoader() on non-prerendered paths will throw a 404

• Add unstable support for splitting route modules in framework mode via future.unstable_splitRouteModules (#​11871)

• Add unstable_SerializesTo brand type for library authors to register types serializable by React Router's streaming format (turbo-stream) (ab5b05b02)

• Align dev server behavior with static file server behavior when ssr:false is set (#​12948)

  • When no prerender config exists, only SSR down to the root HydrateFallback (SPA Mode)
  • When a prerender config exists but the current path is not prerendered, only SSR down to the root HydrateFallback (SPA Fallback)
  • Return a 404 on .data requests to non-pre-rendered paths

• Improve prefetch performance of CSS side effects in framework mode (#​12889)

• Disable Lazy Route Discovery for all ssr:false apps and not just "SPA Mode" because there is no runtime server to serve the search-param-configured __manifest requests (#​12894)

  • We previously only disabled this for "SPA Mode" which is ssr:false and no prerender config but we realized it should apply to all ssr:false apps, including those prerendering multiple pages
  • In those prerender scenarios we would prerender the /__manifest file assuming the static file server would serve it but that makes some unneccesary assumptions about the static file server behaviors

• Properly handle interrupted manifest requests in lazy route discovery (#​12915)

---

Configuration

📅 Schedule: Branch creation - "before 7am on the first day of the week" in timezone GMT, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
clerk-js-sandbox	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 24, 2025 7:09am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 5a5b52c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.