Update dependency remix-run/react-router to v7

[renovate]

This PR contains the following updates:

Package	Update	Change
remix-run/react-router	major	6.30.0 -> 7.6.1

---

Release Notes

remix-run/react-router (remix-run/react-router)

v7.6.1

Compare Source

Date: 2025-05-25

Patch Changes

• react-router - Partially revert optimization added in 7.1.4 to reduce calls to matchRoutes because it surfaced other issues (#​13562)

• react-router - Update Route.MetaArgs to reflect that data can be potentially undefined (#​13563)

  • This is primarily for cases where a route loader threw an error to it's own ErrorBoundary, but it also arises in the case of a 404 which renders the root ErrorBoundary/meta but the root loader did not run because not routes matched

• react-router - Avoid initial fetcher execution 404 error when Lazy Route Discovery is interrupted by a navigation (#​13564)

• react-router - Properly href replaces splats * (#​13593)

  • href("/products/*", { "*": "/1/edit" }); // -> /products/1/edit

• @react-router/architect - Update @architect/functions from ^5.2.0 to ^7.0.0 (#​13556)

• @react-router/dev - Prevent typegen with route files that are outside the app/ directory (#​12996)

• @react-router/dev - Add additional logging to build command output when cleaning assets from server build (#​13547)

• @react-router/dev - Don't clean assets from server build when build.ssrEmitAssets has been enabled in Vite config (#​13547)

• @react-router/dev - Fix typegen when same route is used at multiple paths (#​13574)

  • For example, routes/route.tsx is used at 4 different paths here:

    import { type RouteConfig, route } from "@​react-router/dev/routes";
    export default [
      route("base/:base", "routes/base.tsx", [
        route("home/:home", "routes/route.tsx", { id: "home" }),
        route("changelog/:changelog", "routes/route.tsx", { id: "changelog" }),
        route("splat/*", "routes/route.tsx", { id: "splat" }),
      ]),
      route("other/:other", "routes/route.tsx", { id: "other" }),
    ] satisfies RouteConfig;

  • Previously, typegen would arbitrarily pick one of these paths to be the "winner" and generate types for the route module based on that path

  • Now, typegen creates unions as necessary for alternate paths for the same route file

• @react-router/dev - Better types for params (#​13543)

  • For example:

    // routes.ts
    import { type RouteConfig, route } from "@​react-router/dev/routes";
    
    export default [
      route("parent/:p", "routes/parent.tsx", [
        route("route/:r", "routes/route.tsx", [
          route("child1/:c1a/:c1b", "routes/child1.tsx"),
          route("child2/:c2a/:c2b", "routes/child2.tsx"),
        ]),
      ]),
    ] satisfies RouteConfig;

  • Previously, params for routes/route were calculated as { p: string, r: string }.

  • This incorrectly ignores params that could come from child routes

  • If visiting /parent/1/route/2/child1/3/4, the actual params passed to routes/route will have a type of { p: string, r: string, c1a: string, c1b: string }

  • Now, params are aware of child routes and autocompletion will include child params as optionals:

    params.|
    //     ^ cursor is here and you ask for autocompletion
    // p: string
    // r: string
    // c1a?: string
    // c1b?: string
    // c2a?: string
    // c2b?: string

  • You can also narrow the types for params as it is implemented as a normalized union of params for each page that includes routes/route:

    if (typeof params.c1a === 'string') {
      params.|
      //     ^ cursor is here and you ask for autocompletion
      // p: string
      // r: string
      // c1a: string
      // c1b: string
    }

• @react-router/dev - Fix href for optional segments (#​13595)

  • Type generation now expands paths with optionals into their corresponding non-optional paths

  • For example, the path /user/:id? gets expanded into /user and /user/:id to more closely model visitable URLs

  • href then uses these expanded (non-optional) paths to construct type-safe paths for your app:

    // original: /user/:id?
    // expanded: /user & /user/:id
    href("/user"); // ✅
    href("/user/:id", { id: 1 }); // ✅

  • This becomes even more important for static optional paths where there wasn't a good way to indicate whether the optional should be included in the resulting path:

    // original: /products/:id/detail?
    
    // before
    href("/products/:id/detail?"); // ❌ How can we tell `href` to include or omit `detail?` segment with a complex API?
    
    // now
    // expanded: /products/:id & /products/:id/detail
    href("/product/:id"); // ✅
    href("/product/:id/detail"); // ✅

Unstable Changes

⚠️ Unstable features are not recommended for production use

• @react-router/dev - Renamed internal react-router/route-module export to react-router/internal (#​13543)
• @react-router/dev - Removed Info export from generated +types/* files (#​13543)
• @react-router/dev - Normalize dirent entry path across node versions when generating SRI manifest (#​13591)

Full Changelog: v7.6.0...v7.6.1

v7.6.0

Compare Source

Date: 2025-05-08

What's Changed

routeDiscovery Config Option

We've added a new config option in 7.6.0 which grants you more control over the Lazy Route Discovery feature. You can now configure the /__manifest path if you're running multiple RR applications on the same server, or you can also disable the feature entirely if your application is small enough and the feature isn't necessary.

// react-router.config.ts

export default {
  // You can modify the manifest path used:
  routeDiscovery: { mode: "lazy", manifestPath: "/custom-manifest" }

  // Or you can disable this feature entirely and include all routes in the
  // manifest on initial document load:
  routeDiscovery: { mode: "initial" }

  // If you don't specify anything, the default config is as follows, which enables
  // Lazy Route Discovery and makes manifest requests to the `/__manifest` path:
  // routeDiscovery: { mode: "lazy", manifestPath: "/__manifest" }
} satisfies Config;

Automatic Types for Future Flags

Some future flags alter the way types should work in React Router. Previously, you had to remember to manually opt-in to the new types. For example, for future.unstable_middleware:

// react-router.config.ts

// Step 1: Enable middleware
export default {
  future: {
    unstable_middleware: true,
  },
};

// Step 2: Enable middleware types
declare module "react-router" {
  interface Future {
    unstable_middleware: true; // 👈 Enable middleware types
  }
}

It was up to you to keep the runtime future flags synced with the types for those flags. This was confusing and error-prone.

Now, React Router will automatically enable types for future flags. That means you only need to specify the runtime future flag:

// react-router.config.ts

// Step 1: Enable middleware
export default {
  future: {
    unstable_middleware: true,
  },
};

// No step 2! That's it!

Behind the scenes, React Router will generate the corresponding declare module into .react-router/types. Currently this is done in .react-router/types/+register.ts but this is an implementation detail that may change in the future.

Minor Changes

• react-router - Added a new routeDiscovery option in react-router.config.ts to configure Lazy Route Discovery behavior (#​13451)

• react-router - Add support for route component props in createRoutesStub (#​13528)

  • This allows you to unit test your route components using the props instead of the hooks:

    let RoutesStub = createRoutesStub([
      {
        path: "/",
        Component({ loaderData }) {
          let data = loaderData as { message: string };
          return <pre data-testid="data">Message: {data.message}</pre>;
        },
        loader() {
          return { message: "hello" };
        },
      },
    ]);
    
    render(<RoutesStub />);
    
    await waitFor(() => screen.findByText("Message: hello"));

• @react-router/dev - Automatic types for future flags (#​13506)

Patch Changes

You may notice this list is a bit larger than usual! The team ate their vegetables last week and spent the week squashing bugs to work on lowering the issue count that had ballooned a bit since the v7 release.

• react-router - Fix react-router module augmentation for NodeNext (#​13498)
• react-router - Don't bundle react-router in react-router/dom CJS export (#​13497)
• react-router - Fix bug where a submitting fetcher would get stuck in a loading state if a revalidating loader redirected (#​12873)
• react-router - Fix hydration error if a server loader returned undefined (#​13496)
• react-router - Fix initial load 404 scenarios in data mode (#​13500)
• react-router - Stabilize useRevalidator's revalidate function (#​13542)
• react-router - Preserve status code if a clientAction throws a data() result in framework mode (#​13522)
• react-router - Be defensive against leading double slashes in paths to avoid Invalid URL errors from the URL constructor (#​13510)
  • Note we do not sanitize/normalize these paths - we only detect them so we can avoid the error that would be thrown by new URL("//", window.location.origin)
• react-router - Remove Navigator declaration for navigator.connection.saveData to avoid messing with any other types beyond saveData in user land (#​13512)
• react-router - Fix handleError params values on .data requests for routes with a dynamic param as the last URL segment (#​13481)
• react-router - Don't trigger an ErrorBoundary UI before the reload when we detect a manifest version mismatch in Lazy Route Discovery (#​13480)
• react-router - Inline [email protected] dependency and fix decoding ordering of Map/Set instances (#​13518)
• react-router - Only render dev warnings during dev (#​13461)
• react-router - Short circuit post-processing on aborted dataStrategy requests (#​13521)
  • This resolves non-user-facing console errors of the form Cannot read properties of undefined (reading 'result')
• @react-router/dev - Support project root directories without a package.json if it exists in a parent directory (#​13472)
• @react-router/dev - When providing a custom Vite config path via the CLI --config/-c flag, default the project root directory to the directory containing the Vite config when not explicitly provided (#​13472)
• @react-router/dev - In a routes.ts context, ensure the --mode flag is respected for import.meta.env.MODE (#​13485)
  • Previously, import.meta.env.MODE within a routes.ts context was always "development" for the dev and typegen --watch commands, but otherwise resolved to "production". These defaults are still in place, but if a --mode flag is provided, this will now take precedence.
• @react-router/dev - Ensure consistent project root directory resolution logic in CLI commands (#​13472)
• @react-router/dev - When executing react-router.config.ts and routes.ts with vite-node, ensure that PostCSS config files are ignored (#​13489)
• @react-router/dev - When extracting critical CSS during development, ensure it's loaded from the client environment to avoid issues with plugins that handle the SSR environment differently (#​13503)
• @react-router/dev - Fix "Status message is not supported by HTTP/2" error during dev when using HTTPS (#​13460)
• @react-router/dev - Update config when react-router.config.ts is created or deleted during development (#​12319)
• @react-router/dev - Skip unnecessary routes.ts evaluation before Vite build is started (#​13513)
• @react-router/dev - Fix TS2300: Duplicate identifier errors caused by generated types (#​13499)
• Previously, routes that had the same full path would cause duplicate entries in the generated types for href (.react-router/types/+register.ts), causing type checking errors

Unstable Changes

⚠️ Unstable features are not recommended for production use

• react-router - Fix a few bugs with error bubbling in middleware use-cases (#​13538)
• @react-router/dev - When future.unstable_viteEnvironmentApi is enabled, ensure that build.assetsDir in Vite config is respected when environments.client.build.assetsDir is not configured (#​13491)

Changes by Package

• create-react-router
• react-router
• @react-router/architect
• @react-router/cloudflare
• @react-router/dev
• @react-router/express
• @react-router/fs-routes
• @react-router/node
• @react-router/remix-config-routes-adapter
• @react-router/serve

Full Changelog: v7.5.3...v7.6.0

v7.5.3

Compare Source

Date: 2025-04-28

Patch Changes

• react-router - Fix bug where bubbled action errors would result in loaderData being cleared at the handling ErrorBoundary route (#​13476)
• react-router - Handle redirects from clientLoader.hydrate initial load executions (#​13477)

Full Changelog: v7.5.2...v7.5.3

v7.5.2

Compare Source

Date: 2025-04-24

Security Notice

Fixed 2 security vulnerabilities that could result in cache-poisoning attacks by sending specific headers intended for build-time usage for SPA Mode and Pre-rendering (GHSA-f46r-rw29-r322, GHSA-cpj6-fhp6-mr6j).

Patch Changes

• react-router - Adjust approach for Pre-rendering/SPA Mode via headers (#​13453)
• react-router - Update Single Fetch to also handle the 204 redirects used in ?_data requests in Remix v2 (#​13364)
  • This allows applications to trigger a redirect on .data requests from outside the scope of React Router (i.e., an express/hono middleware) the same way they did in Remix v2 before Single Fetch was implemented
  • This is a bit of an escape hatch - the recommended way to handle this is redirecting from a root route middleware
  • To use this functionality, you may return from a .data request wih a response as follows:
    • Set a 204 status code
    • Set an X-Remix-Redirect: <new-location> header
    • Optionally, set X-Remix-Replace: true or X-Remix-Reload-Document: true headers to replicate replace()/redirectDocument() functionality
  • ⚠️ Please note that these responses rely on implementation details that are subject to change without a SemVer major release, and it is recommended you set up integration tests for your application to confirm this functionality is working correctly with each future React Router upgrade

Full Changelog: v7.5.1...v7.5.2

v7.5.1

Compare Source

Date: 2025-04-17

Patch Changes

• react-router - When using the object-based route.lazy API, the HydrateFallback and hydrateFallbackElement properties are now skipped when lazy loading routes after hydration (#​13376)

  • If you move the code for these properties into a separate file, since the hydrate properties were unused already (if the route wasn't present during hydration), you can avoid downloading them at all. For example:

    createBrowserRouter([
      {
        path: "/show/:showId",
        lazy: {
          loader: async () => (await import("./show.loader.js")).loader,
          Component: async () =>
            (await import("./show.component.js")).Component,
          HydrateFallback: async () =>
            (await import("./show.hydrate-fallback.js")).HydrateFallback,
        },
      },
    ]);

• react-router - Fix single fetch bug where no revalidation request would be made when navigating upwards to a reused parent route (#​13253)

• react-router - Properly revalidate pre-rendered paths when param values change when using ssr:false + prerender configs (#​13380)

• react-router - Fix pre-rendering when a loader returns a redirect (#​13365)

• react-router - Do not automatically add null to staticHandler.query() context.loaderData if routes do not have loaders (#​13223)

  • This was a Remix v2 implementation detail inadvertently left in for React Router v7
  • Now that we allow returning undefined from loaders, our prior check of loaderData[routeId] !== undefined was no longer sufficient and was changed to a routeId in loaderData check - these null values can cause issues for this new check
  • ⚠️ This could be a "breaking bug fix" for you if you are doing manual SSR with createStaticHandler()/<StaticRouterProvider>, and using context.loaderData to control <RouterProvider> hydration behavior on the client

Unstable Changes

⚠️ Unstable features are not recommended for production use

• react-router - Add better error messaging when getLoadContext is not updated to return a Map (#​13242)
• react-router - Update context type for LoaderFunctionArgs/ActionFunctionArgs when middleware is enabled (#​13381)
• react-router - Add a new unstable_runClientMiddleware argument to dataStrategy to enable middleware execution in custom dataStrategy implementations (#​13395)
• react-router - Add support for the new unstable_shouldCallHandler/unstable_shouldRevalidateArgs APIs in dataStrategy (#​13253)

Full Changelog: v7.5.0...v7.5.1

v7.5.0

Compare Source

Date: 2025-04-04

What's Changed

route.lazy Object API

We've introduced a new route.lazy API which gives you more granular control over the lazy loading of route properties that you could not achieve with the route.lazy() function signature. This is useful for Framework mode and performance-critical library mode applications.

createBrowserRouter([
  {
    path: "/show/:showId",
    lazy: {
      loader: async () => (await import("./show.loader.js")).loader,
      action: async () => (await import("./show.action.js")).action,
      Component: async () => (await import("./show.component.js")).Component,
    },
  },
]);

⚠️ This is a breaking change if you have adopted the route.unstable_lazyMiddleware API which has been removed in favor of route.lazy.unstable_middleware. See the Unstable Changes section below for more information.

Minor Changes

• react-router - Add granular object-based API for route.lazy to support lazy loading of individual route properties (#​13294)

Patch Changes

• @react-router/dev - Update optional wrangler peer dependency range to support wrangler v4 (#​13258)
• @react-router/dev - Reinstate dependency optimization in the child compiler to fix depsOptimizer is required in dev mode errors when using vite-plugin-cloudflare and importing Node.js builtins (#​13317)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• react-router - Introduce future.unstable_subResourceIntegrity flag that enables generation of an importmap with integrity for the scripts that will be loaded by the browser (#​13163)
• react-router - Remove support for the route.unstable_lazyMiddleware property (#​13294)
  • In order to lazily load middleware, you can use the new object-based route.lazy.unstable_middleware API
• @react-router/dev - When future.unstable_viteEnvironmentApi is enabled, ensure critical CSS in development works when using a custom Vite base has been configured (#​13305)

Changes by Package

• create-react-router
• react-router
• @react-router/architect
• @react-router/cloudflare
• @react-router/dev
• @react-router/express
• @react-router/fs-routes
• @react-router/node
• @react-router/remix-config-routes-adapter
• @react-router/serve

Full Changelog: v7.4.1...v7.5.0

v7.4.1

Compare Source

Date: 2025-03-28

Security Notice

Fixed a security vulnerability that allowed URL manipulation and potential cache pollution via the Host and X-Forwarded-Host headers due to inadequate port sanitization (GHSA-4q56-crqp-v477/CVE-2025-31137).

Patch Changes

• react-router - Dedupe calls to route.lazy functions (#​13260)
• @react-router/dev - Fix path in prerender error messages (#​13257)
• @react-router/dev - Fix typegen for virtual modules when moduleDetection is set to force (#​13267)
• @react-router/express - Better validation of x-forwarded-host header to prevent potential security issues (#​13309)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• react-router - Fix types on unstable_MiddlewareFunction to avoid type errors when a middleware doesn't return a value (#​13311)
• react-router - Add support for route.unstable_lazyMiddleware function to allow lazy loading of middleware logic (#​13210)
  • ⚠️ We do not recommend adoption of this API currently as we are likely going to change it prior to the stable release of middleware
  • ⚠️ This may be a breaking change if your app is currently returning unstable_middleware from route.lazy
  • The route.unstable_middleware property is no longer supported in the return value from route.lazy
  • If you want to lazily load middleware, you must use route.unstable_lazyMiddleware
• @react-router/dev - When both future.unstable_middleware and future.unstable_splitRouteModules are enabled, split unstable_clientMiddleware route exports into separate chunks when possible (#​13210)
• @react-router/dev - Improve performance of future.unstable_middleware by ensuring that route modules are only blocking during the middleware phase when the unstable_clientMiddleware has been defined (#​13210)

Full Changelog: v7.4.0...v7.4.1

v7.4.0

Compare Source

Date: 2025-03-19

Minor Changes

• @react-router/dev - Generate types for virtual:react-router/server-build module (#​13152)

Patch Changes

• react-router - Fix root loader data on initial load redirects in SPA mode (#​13222)
• react-router - Load ancestor pathless/index routes in lazy route discovery for upwards non-eager-discovery routing (#​13203)
• react-router - Fix shouldRevalidate behavior for clientLoader-only routes in ssr:true apps (#​13221)
• @react-router/dev - Fix conflicts with other Vite plugins that use the configureServer and/or configurePreviewServer hooks (#​13184)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• react-router - If a middleware throws an error, ensure we only bubble the error itself via next() and are no longer leaking the MiddlewareError implementation detail (#​13180)
  • ⚠️ This may be a breaking change if you are catch-ing errors thrown by the next() function in your middlewares
• react-router - Fix RequestHandler loadContext parameter type when middleware is enabled (#​13204)
• react-router - Update Route.unstable_MiddlewareFunction to have a return value of Response | undefined instead of Response | void (#​13199)
• @react-router/dev - When future.unstable_splitRouteModules is set to "enforce", allow both splittable and unsplittable root route exports since it's always in a single chunk (#​13238)
• @react-router/dev - When future.unstable_viteEnvironmentApi is enabled, allow plugins that override the default SSR environment (such as @cloudflare/vite-plugin) to be placed before or after the React Router plugin (#​13183)

Changes by Package

• create-react-router
• react-router
• @react-router/architect
• @react-router/cloudflare
• @react-router/dev
• @react-router/express
• @react-router/fs-routes
• @react-router/node
• @react-router/remix-config-routes-adapter
• @react-router/serve

Full Changelog: v7.3.0...v7.4.0

v7.3.0

Compare Source

Date: 2025-03-06

Minor Changes

• Add fetcherKey as a parameter to patchRoutesOnNavigation (#​13061)

Patch Changes

• react-router - Detect and handle manifest-skew issues on new deploys during active sessions (#​13061)
  • In framework mode, Lazy Route Discovery will now detect manifest version mismatches in active sessions after a new deploy
  • On navigations to undiscovered routes, this mismatch will trigger a document reload of the destination path
  • On fetcher calls to undiscovered routes, this mismatch will trigger a document reload of the current path
• react-router - Skip resource route flow in dev server in SPA mode (#​13113)
• react-router - Fix single fetch _root.data requests when a basename is used (#​12898)
• react-router - Fix types for loaderData and actionData that contained Records (#​13139)
  • ⚠️ This is a breaking change for users who have already adopted unstable_SerializesTo - see the note in the Unstable Changes section below for more information
• @react-router/dev - Fix support for custom client build.rollupOptions.output.entryFileNames (#​13098)
• @react-router/dev - Fix usage of prerender option when serverBundles option has been configured or provided by a preset, e.g. vercelPreset from @vercel/react-router (#​13082)
• @react-router/dev - Fix support for custom build.assetsDir (#​13077)
• @react-router/dev - Remove unused dependencies (#​13134)
• @react-router/dev - Stub all routes except root in "SPA Mode" server builds to avoid issues when route modules or their dependencies import non-SSR-friendly modules (#​13023)
• @react-router/dev - Remove unused Vite file system watcher (#​13133)
• @react-router/dev - Fix support for custom SSR build input when serverBundles option has been configured (#​13107)
  • ⚠️ Note that for consumers using the future.unstable_viteEnvironmentApi and serverBundles options together, hyphens are no longer supported in server bundle IDs since they also need to be valid Vite environment names.
• @react-router/dev - Fix dev server when using HTTPS by stripping HTTP/2 pseudo headers from dev server requests (#​12830)
• @react-router/dev - Lazy load Cloudflare platform proxy on first dev server request when using the cloudflareDevProxy Vite plugin to avoid creating unnecessary workerd processes (#​13016)
• @react-router/dev - Fix duplicated entries in typegen for layout routes and their corresponding index route (#​13140)
• @react-router/express - Update express peerDependency to include v5 (https://github.com/remix-run/react-router/pull/13064) (#​12961)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• react-router - Add context support to client side data routers (unstable) (#​12941)
• react-router - Support middleware on routes (unstable) (#​12941)
• @react-router/dev - Fix errors with future.unstable_viteEnvironmentApi when the ssr environment has been configured by another plugin to be a custom Vite.DevEnvironment rather than the default Vite.RunnableDevEnvironment (#​13008)
• @react-router/dev - When future.unstable_viteEnvironmentApi is enabled and the ssr environment has optimizeDeps.noDiscovery disabled, define optimizeDeps.entries and optimizeDeps.include (#​13007)

Client-side context (unstable)

Your application clientLoader/clientAction functions (or loader/action in library mode) will now receive a context parameter on the client. This is an instance of unstable_RouterContextProvider that you use with type-safe contexts (similar to React.createContext) and is most useful with the corresponding unstable_clientMiddleware API:

import { unstable_createContext } from "react-router";

type User = {
  /*...*/
};

const userContext = unstable_createContext<User>();

const sessionMiddleware: Route.unstable_ClientMiddlewareFunction = async ({
  context,
}) => {
  let user = await getUser();
  context.set(userContext, user);
};

export const unstable_clientMiddleware = [sessionMiddleware];

export function clientLoader({ context }: Route.ClientLoaderArgs) {
  let user = context.get(userContext);
  let profile = await getProfile(user.id);
  return { profile };
}

Similar to server-side requests, a fresh context will be created per navigation (or fetcher call). If you have initial data you'd like to populate in the context for every request, you can provide an unstable_getContext function at the root of your app:

• Library mode - createBrowserRouter(routes, { unstable_getContext })
• Framework mode - <HydratedRouter unstable_getContext>

This function should return an value of type unstable_InitialContext which is a Map<unstable_RouterContext, unknown> of context's and initial values:

const loggerContext = unstable_createContext<(...args: unknown[]) => void>();

function logger(...args: unknown[]) {
  console.log(new Date.toISOString(), ...args);
}

function unstable_getContext() {
  let map = new Map();
  map.set(loggerContext, logger);
  return map;
}

Middleware (unstable)

Middleware is implemented behind a future.unstable_middleware flag. To enable, you must enable the flag and the types in your react-router.config.ts file:

import type { Config } from "@​react-router/dev/config";
import type { Future } from "react-router";

declare module "react-router" {
  interface Future {
    unstable_middleware: true; // 👈 Enable middleware types
  }
}

export default {
  future: {
    unstable_middleware: true, // 👈 Enable middleware
  },
} satisfies Config;

⚠️ Middleware is unstable and should not be adopted in production. There is at least one known de-optimization in route module loading for clientMiddleware that we will be addressing this before a stable release.

⚠️ Enabling middleware contains a breaking change to the context parameter passed to your loader/action functions - see below for more information.

Once enabled, routes can define an array of middleware functions that will run sequentially before route handlers run. These functions accept the same parameters as loader/action plus an additional next parameter to run the remaining data pipeline. This allows middlewares to perform logic before and after handlers execute.

// Framework mode
export const unstable_middleware = [serverLogger, serverAuth]; // server
export const unstable_clientMiddleware = [clientLogger]; // client

// Library mode
const routes = [
  {
    path: "/",
    // Middlewares are client-side for library mode SPA's
    unstable_middleware: [clientLogger, clientAuth],
    loader: rootLoader,
    Component: Root,
  },
];

Here's a simple example of a client-side logging middleware that can be placed on the root route:

const clientLogger: Route.unstable_ClientMiddlewareFunction = async (
  { request },
  next
) => {
  let start = performance.now();

  // Run the remaining middlewares and all route loaders
  await next();

  let duration = performance.now() - start;
  console.log(`Navigated to ${request.url} (${duration}ms)`);
};

Note that in the above example, the next/middleware functions don't return anything. This is by design as on the client there is no "response" to send over the network like there would be for middlewares running on the server. The data is all handled behind the scenes by the stateful router.

For a server-side middleware, the next function will return the HTTP Response that React Router will be sending across the wire, thus giving you a chance to make changes as needed. You may throw a new response to short circuit and respond immediately, or you may return a new or altered response to override the default returned by next().

const serverLogger: Route.unstable_MiddlewareFunction = async (
  { request, params, context },
  next
) => {
  let start = performance.now();

  // 👇 Grab the response here
  let res = await next();

  let duration = performance.now() - start;
  console.log(`Navigated to ${request.url} (${duration}ms)`);

  // 👇 And return it here (optional if you don't modify the response)
  return res;
};

You can throw a redirect from a middleware to short circuit any remaining processing:

import { sessionContext } from "../context";
const serverAuth: Route.unstable_MiddlewareFunction = (
  { request, params, context },
  next
) => {
  let session = context.get(sessionContext);
  let user = session.get("user");
  if (!user) {
    session.set("returnTo", request.url);
    throw redirect("/login", 302);
  }
};

Note that in cases like this where you don't need to do any post-processing you don't need to call the next function or return a Response.

Here's another example of using a server middleware to detect 404s and check the CMS for a redirect:

const redirects: Route.unstable_MiddlewareFunction = async ({
  request,
  next,
}) => {
  // attempt to handle the request
  let res = await next();

  // if it's a 404, check the CMS for a redirect, do it last
  // because it's expensive
  if (res.status === 404) {
    let cmsRedirect = await checkCMSRedirects(request.url);
    if (cmsRedirect) {
      throw redirect(cmsRedirect, 302);
    }
  }

  return res;
};

For more information on the middleware API/design, please see the decision doc.

Middleware context parameter

When middleware is enabled, your application will use a different type of context parameter in your loaders and actions to provide better type safety. Instead of AppLoadContext, context will now be an instance of ContextProvider that you can use with type-safe contexts (similar to React.createContext):

import { unstable_createContext } from "react-router";
import { Route } from "./+types/root";
import type { Session } from "./sessions.server";
import { getSession } from "./sessions.server";

let sessionContext = unstable_createContext<Session>();

const sessionMiddleware: Route.unstable_MiddlewareFunction = ({
  context,
  request,
}) => {
  let session = await getSession(request);
  context.set(sessionContext, session);
  //                          ^ must be of type Session
};

// ... then in some downstream middleware
const loggerMiddleware: Route.unstable_MiddlewareFunction = ({
  context,
  request,
}) => {
  let session = context.get(sessionContext);
  //  ^ typeof Session
  console.log(session.get("userId"), request.method, request.url);
};

// ... or some downstream loader
export function loader({ context }: Route.LoaderArgs) {
  let session = context.get(sessionContext);
  let profile = await getProfile(session.get("userId"));
  return { profile };
}

If you are using a custom server with a getLoadContext function, the return value for initial context values passed from the server adapter layer is no longer an object and should now return an unstable_InitialContext (Map<RouterContext, unknown>):

let adapterContext = unstable_createContext<MyAdapterContext>();

function getLoadContext(req, res): unstable_InitialContext {
  let map = new Map();
  map.set(adapterContext, getAdapterContext(req));
  return map;
}

unstable_SerializesTo

unstable_SerializesTo added a way to register custom serialization types in Single Fetch for other library and framework authors like Apollo. It was implemented with branded type whose branded property that was made optional so that casting arbitrary values was easy:

// without the brand being marked as optional
let x1 = 42 as unknown as unstable_SerializesTo<number>;
//          ^^^^^^^^^^

// with the brand being marked as optional
let x2 = 42 as unstable_SerializesTo<number>;

However, this broke type inference in loaderData and actionData for any Record types as those would now (incorrectly) match unstable_SerializesTo. This affected all users, not just those that depended on unstable_SerializesTo. To fix this, the branded property of unstable_SerializesTo is marked as required instead of optional.

For library and framework authors using unstable_SerializesTo, you may need to add as unknown casts before casting to unstable_SerializesTo.

Changes by Package

• create-react-router
• react-router
• @react-router/architect
• @react-router/cloudflare
• @react-router/dev
• @react-router/express
• @react-router/fs-routes
• @react-router/node
• @react-router/remix-config-routes-adapter
• @react-router/serve

Full Changelog: v7.2.0...v7.3.0

v7.2.0

Compare Source

Date: 2025-02-18

What's Changed

Type-safe href utility

In framework mode, we now provide you with a fully type-safe href utility to give you all the warm and fuzzy feelings of path auto-completion and param validation for links in your application:

import { href } from "react-router";

export default function Component() {
  const link = href("/blog/:slug", { slug: "my-first-post" });
  //                ^ type-safe!     ^ Also type-safe!

  return (
    <main>
      <Link to={href("/products/:id", { id: "asdf" })} />
      <NavLink to={href("/:lang?/about", { lang: "en" })} />
    </main>
  );
}

You'll now get type errors if you pass a bad path value or a bad param value:

const badPath = href("/not/a/valid/path");
//                   ^ Error!

const badParam = href("/blog/:slug", { oops: "bad param" });
//                                     ^ Error!

Prerendering with a SPA Fallback

This release enhances the ability to use a combination of pre-rendered paths alongside other paths that operate in "SPA Mode" when pre-rendering with ssr:false.

• If you specify ssr:false without a prerender config, this is considered "SPA Mode" and the generated index.html file will only render down to the root route and will be able to hydrate for any valid application path
• If you specify ssr:false with a prerender config but do not include the / path (i.e., prerender: ['/blog/post']), then we still generate a "SPA Mode" index.html file that can hydrate for any path in the application
• If you specify ssr:false and include the / path in your prerender config, the generated index.html file will be specific to the root index route, so we will now also generate a separate "SPA Mode" file in __spa-fallback.html that you can serve/hydrate for non-prerendered paths

For more info, see the Pre-rendering docs for more info.

Allow a root loader in SPA Mode

SPA Mode used to prohibit the use of loaders in all routes so that we could hydrate for any path in the application. However, because the root route is always rendered at build time, we can lift this restriction for the root route.

In order to use your build-time loader data during pre-rendering, we now also expose the loaderData as an optional prop for the HydrateFallback component on routes:

• This will be defined so long as the HydrateFallback is rendering because children routes are loading
• This will be undefined if the HydrateFallback is rendering because the route itself has it's own hydrating clientLoader
  • In SPA mode, this will allow you to render loader root data into the SPA Mode HTML file

Minor Changes

• react-router - New type-safe href utility that guarantees links point to actual paths in your app (#​13012)
• @react-router/dev - Generate a "SPA fallback" HTML file when pre-rendering the / route with ssr:false (#​12948)
• @react-router/dev - Allow a loader in the root route in SPA mode because it can be called/server-rendered at build time (#​12948)
  • Route.HydrateFallbackProps now also receives loaderData

Patch Changes

• react-router - Disable Lazy Route Discovery for all ssr:false apps and not just "SPA Mode" because there is no runtime server to serve the search-param-configured __manifest requests (#​12894)
  • We previously only disabled this for "SPA Mode" but we realized it should apply to all ssr:false apps
  • In those prerender scenarios we would pre-render the /__manifest file but that makes some unnecessary assumptions about the static file server behaviors
• react-router - Don't apply Single Fetch revalidation de-optimization when in SPA mode since there is no server HTTP request (#​12948)
• react-router - Properly handle revalidations to across a pre-render/SPA boundary (#​13021)
  • In "hybrid" applications where some routes are pre-rendered and some are served from a SPA fallback, we need to avoid making .data requests if the path wasn't pre-rendered because the request will 404
  • We don't know all the pre-rendered paths client-side, however:
    • All loader data in ssr:false mode is static because it's generated at build time
    • A route must use a clientLoader to do anything dynamic
    • Therefore, if a route only has a loader and not a clientLoader, we disable revalidation by default because there is no new data to retrieve
    • We short circuit and skip single fetch .data request logic if there are no server loaders with shouldLoad=true in our single fetch dataStrategy
    • This ensures that the route doesn't cause a .data request that would 404 after a submission
• react-router - Align dev server behavior with static file server behavior when ssr:false is set (#​12948)
  • When no prerender config exists, only SSR down to the root HydrateFallback (SPA Mode)
  • When a prerender config exists but the current path is not pre-rendered, o

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.