chore(deps): bump react-router from 7.14.0 to 7.15.1

[dependabot]

Bumps react-router from 7.14.0 to 7.15.1.

Release notes

Sourced from react-router's releases.

v7.15.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151

v7.15.0

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150

v7.14.2

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142

v7.14.1

See the changelog for release notes: https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141

Changelog

Sourced from react-router's changelog.

v7.15.1

Patch Changes

• Update router to operate on fetcher Maps in an immutable manner to avoid delayed React renders from potentially reading an updated but not yet committed Map. This could result in brief flickers in some fetcher-driven optimistic UI scenarios. (#15028)
• Fix serverLoader() returning stale SSR data when a client navigation aborts pending hydration before the hydration clientLoader resolves (#15022)
• Fix RouterProvider onError callback not being called for synchronous initial loader errors in SPA mode (#15039) (#14942)
• Memoize useFetchers to return a stable identity and only change if fetchers changed (#15028)
• Internal refactor to consolidate mutation request detection through shared utility (#15033)

Unstable Changes

⚠️ Unstable features are not recommended for production use

• Add a new unstable_useRouterState() hook that consolidates access to active and pending router states (RFC: #12358) (#15017)

  • Data/Framework/RSC only — throws when used without a data router

  • This should allow you to consolidate usages of the following hooks which will likely be deprecated and removed in a future major version

    • useLocation
    • useSearchParams
    • useParams
    • useMatches
    • useNavigationType
    • useNavigation

    let { active, pending } = unstable_useRouterState();
    // Active is always populated with the current location
    active.location; // replaces useLocation()
    active.searchParams; // replaces useSearchParams()[0]
    active.params; // replaces useParams()
    active.matches; // replaces useMatches()
    active.type; // replaces useNavigationType()
    // Pending is only populated during a navigation
    pending.location; // replaces useNavigation().location
    pending.searchParams; // equivalent to new URLSearchParams(useNavigation().search)
    pending.params; // Not directly accessible today
    pending.matches; // Not directly accessible today
    pending.type; // Not directly accessible today
    pending.state; // replaces useNavigation().state
    pending.formMethod; // replaces useNavigation().formMethod
    pending.formAction; // replaces useNavigation().formAction
    pending.formEncType; // replaces useNavigation().formEncType
    pending.formData; // replaces useNavigation().formData
    pending.json; // replaces useNavigation().json
    pending.text; // replaces useNavigation().text

v7.15.0

... (truncated)

Commits

• 587d08f Release v7.15.1 (#15038)
• 89996bd Fire onError for initial-load errors when RouterProvider mounts late (#15039)
• 4322e58 Update docs for useRouterState
• fadd6c4 Merge branch 'main' into release
• 6bf91ce chore: format
• 44c3478 fix: prevent fetcher formData flicker and eliminate state.fetchers mutations ...
• 7e6725a Cleanup lint issues (#15030)
• aabd30c Use shared isMutationMethod check (#15033)
• 954a4a6 Fix stale SSR data when hydration is aborted by a same-route navigation (#15022)
• 041cd32 fix(react-router): Internal preloads refactor to preserve types (#14860)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Bump react-router from 7.14.0 to 7.15.1 to pick up bug fixes that reduce fetcher UI flicker, fix stale SSR data after aborted hydration, and ensure RouterProvider onError fires in SPA mode.

• Dependencies
  • react-router: 7.14.0 -> 7.15.1

^{Written for commit 0fcb1ad. Summary will update on new commits.}

[sovri]

✅ Approve

0 findings

Review assessment

No findings — nothing to assess.

TL;DR

The pull request updates the react-router dependency from version 7.14.0 to 7.15.1. This is a routine dependency bump with no direct code changes in the repository, but the changelog indicates fixes for flickering UI, stale SSR data, and error handling improvements. No findings were identified in the supplied diff, but downstream usage of the updated react-router APIs should be reviewed for compatibility with the new version.

Findings

✅ No blocking issues found.

File-by-file

No changed files with findings.

Compliance & provenance

Compliance & audit

Model: mistral / mistral-large-latest
Prompt sha256: 9dfdeba0c2ea27092e47bda41257a57a95cdbe78cb6abb9311d64e5fe15ee2d1
No signed audit trail is attached

---

Tokens: 4703 in / 459 out · Estimated cost: $0.0030 (mistral mistral-large-latest)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​react-router@​7.14.0 ⏵ 7.15.1	+1	+24	+1	+1

View full report

[codspeed-hq]

Merging this PR will not alter performance

⚠️ Different runtime environments detected

Some benchmarks with significant performance changes were compared across different runtime environments,
which may affect the accuracy of the results.

Open the report in CodSpeed to investigate

⚡ 4 improved benchmarks
❌ 2 regressed benchmarks
✅ 20 untouched benchmarks

Warning

Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

	Benchmark	BASE	HEAD	Efficiency
❌	from_status_code_500	125.3 ns	154.4 ns	-18.88%
❌	from_status_code_404	154.7 ns	183.9 ns	-15.86%
⚡	normalize_link_check_parallelism	150 ns	120.8 ns	+24.14%
⚡	normalize_max_concurrent	150 ns	120.8 ns	+24.14%
⚡	reject_invalid	610.3 ns	493.6 ns	+23.64%
⚡	split	501.1 ns	442.8 ns	+13.17%

Tip

Investigate this regression by commenting @codspeedbot fix this regression on this PR, or directly use the CodSpeed MCP with your agent.

---

_{Comparing dependabot/npm_and_yarn/react-router-7.15.1 (0fcb1ad) with main (46d16cb)}