From 0d58c4961980536c6e33638919ebac52d58bc757 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 27 Jan 2026 09:21:02 -0800
Subject: [PATCH] build(deps): bump the npm_and_yarn group across 1 directory
 with 5 updates (#1510)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps the npm_and_yarn group with 5 updates in the /webui directory:

| Package | From | To |
| --- | --- | --- |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
|
[mdast-util-to-hast](https://github.com/syntax-tree/mdast-util-to-hast)
| `13.2.0` | `13.2.1` |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` |
`1.3.3` |
| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.14.1` |
|
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router)
| `7.6.0` | `7.13.0` |


Updates `lodash` from 4.17.21 to 4.17.23
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lodash/lodash/commit/dec55b7a3b382da075e2eac90089b4cd00a26cbb"><code>dec55b7</code></a>
Bump main to v4.17.23 (<a
href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/19c9251b3631d7cf220b43bc757eb33f1084f117"><code>19c9251</code></a>
fix: setCacheHas JSDoc return type should be boolean (<a
href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/b5e672995ae26929d111a6e94589f8d03fb8e578"><code>b5e6729</code></a>
jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a
href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/edadd452146f7e4bad4ea684e955708931d84d81"><code>edadd45</code></a>
Prevent prototype pollution on baseUnset function</li>
<li><a
href="https://github.com/lodash/lodash/commit/4879a7a7d0a4494b0e83c7fa21bcc9fc6e7f1a6d"><code>4879a7a</code></a>
doc: fix autoLink function, conversion of source links (<a
href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/9648f692b0fc7c2f6a7a763d754377200126c2e8"><code>9648f69</code></a>
chore: remove <code>yarn.lock</code> file (<a
href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/dfa407db0bf5b200f2c7a9e4f06830ceaf074be9"><code>dfa407d</code></a>
ci: remove legacy configuration files (<a
href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/156e1965ae78b121a88f81178ab81632304e8d64"><code>156e196</code></a>
feat: add renovate setup (<a
href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/933e1061b8c344d3fc742cdc400175d5ffc99bce"><code>933e106</code></a>
ci: add pipeline for Bun (<a
href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li>
<li><a
href="https://github.com/lodash/lodash/commit/072a807ff7ad8ffc7c1d2c3097266e815d138e20"><code>072a807</code></a>
docs: update links related to Open JS Foundation (<a
href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare
view</a></li>
</ul>
</details>
<br />

Updates `mdast-util-to-hast` from 13.2.0 to 13.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/syntax-tree/mdast-util-to-hast/releases">mdast-util-to-hast's
releases</a>.</em></p>
<blockquote>
<h2>13.2.1</h2>
<h4>Fix</h4>
<ul>
<li>ab3a795 Fix support for spaces in class names</li>
</ul>
<h4>Types</h4>
<ul>
<li>efb5312 Refactor to use <code>@import</code>s</li>
<li>a5bc210 Add declaration maps</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/syntax-tree/mdast-util-to-hast/commit/174795b21f7757fffb54dd8d5fb4012f4751f791"><code>174795b</code></a>
13.2.1</li>
<li><a
href="https://github.com/syntax-tree/mdast-util-to-hast/commit/3d05b3a715133df55689fe3753c2e47101315b4e"><code>3d05b3a</code></a>
Update Node in Actions</li>
<li><a
href="https://github.com/syntax-tree/mdast-util-to-hast/commit/ab3a79570a1afbfa7efef5d4a0cd9b5caafbc5d7"><code>ab3a795</code></a>
Fix support for spaces in class names</li>
<li><a
href="https://github.com/syntax-tree/mdast-util-to-hast/commit/efb531231020055e0dab7b39a18d80b569d5b566"><code>efb5312</code></a>
Refactor to use <code>@import</code>s</li>
<li><a
href="https://github.com/syntax-tree/mdast-util-to-hast/commit/a5bc210f1aa308e4c6141ac374893c9237fcd746"><code>a5bc210</code></a>
Add declaration maps</li>
<li><a
href="https://github.com/syntax-tree/mdast-util-to-hast/commit/b54955d4e123b0167eac13646333c809bb8f301c"><code>b54955d</code></a>
Add <code>.tsbuildinfo</code> to <code>.gitignore</code></li>
<li>See full diff in <a
href="https://github.com/syntax-tree/mdast-util-to-hast/compare/13.2.0...13.2.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `node-forge` from 1.3.1 to 1.3.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's
changelog</a>.</em></p>
<blockquote>
<h2>1.3.3 - 2025-12-02</h2>
<h3>Fixed</h3>
<ul>
<li>[pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX
issues
introduced in 1.3.2.</li>
</ul>
<h2>1.3.2 - 2025-11-25</h2>
<h3>Security</h3>
<ul>
<li><strong>HIGH</strong>: ASN.1 Validator Desynchronization
<ul>
<li>An Interpretation Conflict (CWE-436) vulnerability in node-forge
versions
1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1
structures to desynchronize schema validations, yielding a semantic
divergence that may bypass downstream cryptographic verifications and
security decisions.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li>
</ul>
</li>
<li><strong>HIGH</strong>: ASN.1 Unbounded Recursion
<ul>
<li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge
versions
1.3.1 and below enables remote, unauthenticated attackers to craft deep
ASN.1 structures that trigger unbounded recursive parsing. This leads to
a
Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER
inputs.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li>
</ul>
</li>
<li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation
<ul>
<li>An Integer Overflow (CWE-190) vulnerability in node-forge versions
1.3.1
and below enables remote, unauthenticated attackers to craft ASN.1
structures containing OIDs with oversized arcs. These arcs may be
decoded
as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the
bypass of downstream OID-based security decisions.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li>
</ul>
</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12
MAC
verification bypass due to missing macData enforcement and improper
asn1.validate routine.</li>
<li>[asn1] Add <code>fromDer()</code> max recursion depth check.
<ul>
<li>Add a <code>asn1.maxDepth</code> global configurable maximum depth
of 256.</li>
<li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code>
option.</li>
<li><strong>NOTE</strong>: The default maximum is assumed to be higher
than needed for valid
data. If this assumption is false then this could be a breaking change.
Please file an issue if there are use cases that need a higher
maximum.</li>
<li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter
has not been exposed up through
all of the API stack due to the complexities involved. Please file an
issue
if there are use cases that require this instead of changing the
default</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/digitalbazaar/forge/commit/1cea0aff4901589ae86e314f25782bbe312f9f69"><code>1cea0af</code></a>
Release 1.3.3.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/5265989cf5e54cfe1e27a10d71523007ce0507b1"><code>5265989</code></a>
Update changelog.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/e4f3961406395dd8e985dcf841852ceca73ac3a9"><code>e4f3961</code></a>
Fix changelog for release.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/503979b0295cf633a30199d6bd937f4a222481a0"><code>503979b</code></a>
Update changelog.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/c3b3b32a8c157ac57752934d3af63b5f798b58b8"><code>c3b3b32</code></a>
Make digestAlgorithm parameters optional</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/6f70043a6db1abb9f3304f3d432efed3ba50fcca"><code>6f70043</code></a>
Update CVE details.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/f547b0d292745094190ecb250429d21e8804a375"><code>f547b0d</code></a>
Start 1.3.3-0.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd"><code>235ad3e</code></a>
Release 1.3.2.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/25982441171dc9815c87d3d886c5c8a1d092b334"><code>2598244</code></a>
Update changelog.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/0032dd0be8b6fb1b1092ef754d1dde91c10a95ad"><code>0032dd0</code></a>
Fix typos.</li>
<li>Additional commits viewable in <a
href="https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `qs` from 6.13.0 to 6.14.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.1</strong></h2>
<ul>
<li>[Fix] ensure arrayLength applies to <code>[]</code> notation as
well</li>
<li>[Fix] <code>parse</code>: when a custom decoder returns
<code>null</code> for a key, ignore that key</li>
<li>[Refactor] <code>parse</code>: extract key segment splitting
helper</li>
<li>[meta] add threat model</li>
<li>[actions] add workflow permissions</li>
<li>[Tests] <code>stringify</code>: increase coverage</li>
<li>[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code>,
<code>es-value-fixtures</code>, <code>for-each</code>,
<code>object-inspect</code></li>
</ul>
<h2><strong>6.14.0</strong></h2>
<ul>
<li>[New] <code>parse</code>: add
<code>throwOnParameterLimitExceeded</code> option (<a
href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li>
<li>[Refactor] <code>parse</code>: use <code>utils.combine</code>
more</li>
<li>[patch] <code>parse</code>: add explicit
<code>throwOnLimitExceeded</code> default</li>
<li>[actions] use shared action; re-add finishers</li>
<li>[meta] Fix changelog formatting bug</li>
<li>[Deps] update <code>side-channel</code></li>
<li>[Dev Deps] update <code>es-value-fixtures</code>,
<code>has-bigints</code>, <code>has-proto</code>,
<code>has-symbols</code></li>
<li>[Tests] increase coverage</li>
</ul>
<h2><strong>6.13.1</strong></h2>
<ul>
<li>[Fix] <code>stringify</code>: avoid a crash when a
<code>filter</code> key is <code>null</code></li>
<li>[Fix] <code>utils.merge</code>: functions should not be stringified
into keys</li>
<li>[Fix] <code>parse</code>: avoid a crash with
interpretNumericEntities: true, comma: true, and iso charset</li>
<li>[Fix] <code>stringify</code>: ensure a non-string
<code>filter</code> does not crash</li>
<li>[Refactor] use <code>__proto__</code> syntax instead of
<code>Object.create</code> for null objects</li>
<li>[Refactor] misc cleanup</li>
<li>[Tests] <code>utils.merge</code>: add some coverage</li>
<li>[Tests] fix a test case</li>
<li>[actions] split out node 10-20, and 20+</li>
<li>[Dev Deps] update <code>es-value-fixtures</code>,
<code>mock-property</code>, <code>object-inspect</code>,
<code>tape</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ljharb/qs/commit/3fa11a5f643c76896387bd2d86904a2d0141fdf7"><code>3fa11a5</code></a>
v6.14.1</li>
<li><a
href="https://github.com/ljharb/qs/commit/a62670423c1ccab0dd83c621bfb98c7c024e314d"><code>a626704</code></a>
[Dev Deps] update <code>npmignore</code></li>
<li><a
href="https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"><code>3086902</code></a>
[Fix] ensure arrayLength applies to <code>[]</code> notation as
well</li>
<li><a
href="https://github.com/ljharb/qs/commit/fc7930e86c2264c1568c9f5606830e19b0bc2af2"><code>fc7930e</code></a>
[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code></li>
<li><a
href="https://github.com/ljharb/qs/commit/0b06aac566abee45ef0327667a7cc89e7aed8b58"><code>0b06aac</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="https://github.com/ljharb/qs/commit/64951f6200a1fb72cc003c6e8226dde3d2ef591f"><code>64951f6</code></a>
[Refactor] <code>parse</code>: extract key segment splitting helper</li>
<li><a
href="https://github.com/ljharb/qs/commit/e1bd2599cdff4c936ea52fb1f16f921cbe7aa88c"><code>e1bd259</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="https://github.com/ljharb/qs/commit/f4b3d39709fef6ddbd85128d1ba4c6b566c4902e"><code>f4b3d39</code></a>
[eslint] add eslint 9 optional peer dep</li>
<li><a
href="https://github.com/ljharb/qs/commit/6e94d9596ca50dffafcef40a5f64eca89962cf34"><code>6e94d95</code></a>
[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code></li>
<li><a
href="https://github.com/ljharb/qs/commit/973dc3c51c86da9f4e30edeb4b1725158d439102"><code>973dc3c</code></a>
[actions] add workflow permissions</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-router` from 7.6.0 to 7.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.13.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130</a></p>
<h2>v7.12.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120</a></p>
<h2>v7.11.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110</a></p>
<h2>v7.10.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101</a></p>
<h2>v7.10.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100</a></p>
<h2>v7.9.6</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796</a></p>
<h2>v7.9.5</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795</a></p>
<h2>v7.9.4</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794</a></p>
<h2>v7.9.3</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793</a></p>
<h2>v7.9.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792</a></p>
<h2>v7.9.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791</a></p>
<h2>v7.9.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790</a></p>
<h2>v7.8.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v782</a></p>
<h2>v7.8.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v781</a></p>
<h2>v7.8.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v780</a></p>
<h2>v7.7.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v771</a></p>
<h2>v7.7.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v770</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>7.13.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>Add <code>crossOrigin</code> prop to <code>Links</code> component
(<a
href="https://redirect.github.com/remix-run/react-router/pull/14687">#14687</a>)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Fix double slash normalization for useNavigate colon urls (<a
href="https://redirect.github.com/remix-run/react-router/pull/14718">#14718</a>)</li>
<li>Update failed origin checks to return a 400 status instead of a 500
(<a
href="https://redirect.github.com/remix-run/react-router/pull/14737">#14737</a>)</li>
<li>Bugfix <a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14666">#14666</a>:
Inline criticalCss is missing nonce (<a
href="https://redirect.github.com/remix-run/react-router/pull/14691">#14691</a>)</li>
<li>Loosen <code>allowedActionOrigins</code> glob check so
<code>**</code> matches all domains (<a
href="https://redirect.github.com/remix-run/react-router/pull/14722">#14722</a>)</li>
</ul>
<h2>7.12.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>Add additional layer of CSRF protection by rejecting submissions to
UI routes from external origins. If you need to permit access to
specific external origins, you can specify them in the
<code>react-router.config.ts</code> config
<code>allowedActionOrigins</code> field. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14708">#14708</a>)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p>Fix <code>generatePath</code> when used with suffixed params (i.e.,
&quot;/books/:id.json&quot;) (<a
href="https://redirect.github.com/remix-run/react-router/pull/14269">#14269</a>)</p>
</li>
<li>
<p>Export <code>UNSAFE_createMemoryHistory</code> and
<code>UNSAFE_createHashHistory</code> alongside
<code>UNSAFE_createBrowserHistory</code> for consistency. These are not
intended to be used for new apps but intended to help apps usiong
<code>unstable_HistoryRouter</code> migrate from v6-&gt;v7 so they can
adopt the newer APIs. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14663">#14663</a>)</p>
</li>
<li>
<p>Escape HTML in scroll restoration keys (<a
href="https://redirect.github.com/remix-run/react-router/pull/14705">#14705</a>)</p>
</li>
<li>
<p>Validate redirect locations (<a
href="https://redirect.github.com/remix-run/react-router/pull/14706">#14706</a>)</p>
</li>
<li>
<p>[UNSTABLE] Pass <code>&lt;Scripts nonce&gt;</code> value through to
the underlying <code>importmap</code> <code>script</code> tag when using
<code>future.unstable_subResourceIntegrity</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14675">#14675</a>)</p>
</li>
<li>
<p>[UNSTABLE] Add a new
<code>future.unstable_trailingSlashAwareDataRequests</code> flag to
provide consistent behavior of <code>request.pathname</code> inside
<code>middleware</code>, <code>loader</code>, and <code>action</code>
functions on document and data requests when a trailing slash is present
in the browser URL. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14644">#14644</a>)</p>
<p>Currently, your HTTP and <code>request</code> pathnames would be as
follows for <code>/a/b/c</code> and <code>/a/b/c/</code></p>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c</code></td>
<td><code>/a/b/c</code> ✅</td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> ✅</td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c/</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c/</code></td>
<td><code>/a/b/c/</code> ✅</td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> ⚠️</td>
</tr>
</tbody>
</table>
<p>With this flag enabled, these pathnames will be made consistent
though a new <code>_.data</code> format for client-side
<code>.data</code> requests:</p>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c</code></td>
<td><code>/a/b/c</code> ✅</td>
</tr>
</tbody>
</table>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/remix-run/react-router/commit/5557ba3f848e52dfe400a47cc28256a51e13a150"><code>5557ba3</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14749">#14749</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/62c6e0effd9ae754fa05b1812fd013341226c0cb"><code>62c6e0e</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14738">#14738</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/3126264a690b1de97666fbd0c804b001d1c98235"><code>3126264</code></a>
Return 400 response on failed origin checks (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14737">#14737</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/3a5b5ad0e5cf9918c646509563f5c41a89226ff3"><code>3a5b5ad</code></a>
Fix double slash normalization for <code>useNavigate</code> paths with
colons (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14718">#14718</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/f29c6c95631368afa1b475f824854a781e690c02"><code>f29c6c9</code></a>
Add docs and loosen origins wildcard check (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14722">#14722</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/0bb972b74740cad416f5e551c10b54f2c20078ef"><code>0bb972b</code></a>
fix(react-router/dom/ssr): add <code>nonce</code> to inline critical css
(<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14691">#14691</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/dd08f8d3b152ac3b6e7d126680fb74d88d18de9a"><code>dd08f8d</code></a>
fix(react-router): add crossOrigin prop to Links component (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14687">#14687</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/c38d76ce4e9c7d3b689d7b375032859ea7b29d7f"><code>c38d76c</code></a>
chore: format</li>
<li><a
href="https://github.com/remix-run/react-router/commit/26653a6bcbf8a9c5541f99dcfb526eafadf13434"><code>26653a6</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14712">#14712</a>)</li>
<li><a
href="https://github.com/remix-run/react-router/commit/7ac2346873b4bba26d16c88e5cd5c5cb81ce6bb3"><code>7ac2346</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14709">#14709</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.13.0/packages/react-router">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for react-router since your current
version.</p>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/git-bug/git-bug/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 webui/package-lock.json | 188 ++++++++++++++++++++++------------------
 webui/package.json      |   2 +-
 2 files changed, 106 insertions(+), 84 deletions(-)
diff --git a/webui/package-lock.json b/webui/package-lock.json
index c28833301bac855133fb32fdefbff46bd0b68079..127d86fc244f21681c99efdfc5a52ba2ced25caa 100644
--- a/webui/package-lock.json
+++ b/webui/package-lock.json
@@ -21,7 +21,7 @@
         "moment": "^2.30.1",
         "react": "^19.1.0",
         "react-dom": "^19.1.0",
-        "react-router-dom": "^7.6.0",
+        "react-router-dom": "^7.13.0",
         "rehype-highlight": "^7.0.2",
         "rehype-raw": "^7.0.0",
         "rehype-react": "^8.0.0",
@@ -13420,40 +13420,39 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.2",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
-      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
       "dev": true,
-      "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.3",
-        "content-disposition": "0.5.4",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.7.1",
-        "cookie-signature": "1.0.6",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.3.1",
-        "fresh": "0.5.2",
-        "http-errors": "2.0.0",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
         "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
-        "on-finished": "2.4.1",
+        "on-finished": "~2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.12",
+        "path-to-regexp": "~0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.13.0",
+        "qs": "~6.14.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.19.0",
-        "serve-static": "1.16.2",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
         "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
+        "statuses": "~2.0.1",
         "type-is": "~1.6.18",
         "utils-merge": "1.0.1",
         "vary": "~1.1.2"
@@ -13487,6 +13486,21 @@
       "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
       "dev": true
     },
+    "node_modules/express/node_modules/qs": {
+      "version": "6.14.1",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+      "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
+      "dev": true,
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/express/node_modules/safe-buffer": {
       "version": "5.2.1",
       "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -18863,9 +18877,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "dev": true
     },
     "node_modules/lodash.debounce": {
@@ -19462,10 +19476,9 @@
       }
     },
     "node_modules/mdast-util-to-hast": {
-      "version": "13.2.0",
-      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz",
-      "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==",
-      "license": "MIT",
+      "version": "13.2.1",
+      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.1.tgz",
+      "integrity": "sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA==",
       "dependencies": {
         "@types/hast": "^3.0.0",
         "@types/mdast": "^4.0.0",
@@ -20450,9 +20463,9 @@
       }
     },
     "node_modules/node-forge": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz",
-      "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==",
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.3.tgz",
+      "integrity": "sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==",
       "dev": true,
       "engines": {
         "node": ">= 6.13.0"
@@ -22991,10 +23004,9 @@
       }
     },
     "node_modules/react-router": {
-      "version": "7.6.0",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.6.0.tgz",
-      "integrity": "sha512-GGufuHIVCJDbnIAXP3P9Sxzq3UUsddG3rrI3ut1q6m0FI6vxVBF3JoPQ38+W/blslLH4a5Yutp8drkEpXoddGQ==",
-      "license": "MIT",
+      "version": "7.13.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.13.0.tgz",
+      "integrity": "sha512-PZgus8ETambRT17BUm/LL8lX3Of+oiLaPuVTRH3l1eLvSPpKO3AvhAEb5N7ihAFZQrYDqkvvWfFh9p0z9VsjLw==",
       "dependencies": {
         "cookie": "^1.0.1",
         "set-cookie-parser": "^2.6.0"
@@ -23013,12 +23025,11 @@
       }
     },
     "node_modules/react-router-dom": {
-      "version": "7.6.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.6.0.tgz",
-      "integrity": "sha512-DYgm6RDEuKdopSyGOWZGtDfSm7Aofb8CCzgkliTjtu/eDuB0gcsv6qdFhhi8HdtmA+KHkt5MfZ5K2PdzjugYsA==",
-      "license": "MIT",
+      "version": "7.13.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.13.0.tgz",
+      "integrity": "sha512-5CO/l5Yahi2SKC6rGZ+HDEjpjkGaG/ncEP7eWFTvFxbHP8yeeI0PxTDjimtpXYlR3b3i9/WIL4VJttPrESIf2g==",
       "dependencies": {
-        "react-router": "7.6.0"
+        "react-router": "7.13.0"
       },
       "engines": {
         "node": ">=20.0.0"
@@ -23029,12 +23040,15 @@
       }
     },
     "node_modules/react-router/node_modules/cookie": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.2.tgz",
-      "integrity": "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==",
-      "license": "MIT",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
       "engines": {
         "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/react-scripts": {
@@ -24245,10 +24259,9 @@
       "license": "ISC"
     },
     "node_modules/set-cookie-parser": {
-      "version": "2.7.1",
-      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.1.tgz",
-      "integrity": "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ==",
-      "license": "MIT"
+      "version": "2.7.2",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.2.tgz",
+      "integrity": "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="
     },
     "node_modules/setimmediate": {
       "version": "1.0.5",
@@ -36779,39 +36792,39 @@
       }
     },
     "express": {
-      "version": "4.21.2",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
-      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "version": "4.22.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
       "dev": true,
       "requires": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.3",
-        "content-disposition": "0.5.4",
+        "body-parser": "~1.20.3",
+        "content-disposition": "~0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.7.1",
-        "cookie-signature": "1.0.6",
+        "cookie": "~0.7.1",
+        "cookie-signature": "~1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.3.1",
-        "fresh": "0.5.2",
-        "http-errors": "2.0.0",
+        "finalhandler": "~1.3.1",
+        "fresh": "~0.5.2",
+        "http-errors": "~2.0.0",
         "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
-        "on-finished": "2.4.1",
+        "on-finished": "~2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.12",
+        "path-to-regexp": "~0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.13.0",
+        "qs": "~6.14.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.19.0",
-        "serve-static": "1.16.2",
+        "send": "~0.19.0",
+        "serve-static": "~1.16.2",
         "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
+        "statuses": "~2.0.1",
         "type-is": "~1.6.18",
         "utils-merge": "1.0.1",
         "vary": "~1.1.2"
@@ -36838,6 +36851,15 @@
           "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
           "dev": true
         },
+        "qs": {
+          "version": "6.14.1",
+          "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.1.tgz",
+          "integrity": "sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==",
+          "dev": true,
+          "requires": {
+            "side-channel": "^1.1.0"
+          }
+        },
         "safe-buffer": {
           "version": "5.2.1",
           "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
@@ -40732,9 +40754,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "dev": true
     },
     "lodash.debounce": {
@@ -41182,9 +41204,9 @@
       }
     },
     "mdast-util-to-hast": {
-      "version": "13.2.0",
-      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz",
-      "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==",
+      "version": "13.2.1",
+      "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.1.tgz",
+      "integrity": "sha512-cctsq2wp5vTsLIcaymblUriiTcZd0CwWtCbLvrOzYCDZoWyMNV8sZ7krj09FSnsiJi3WVsHLM4k6Dq/yaPyCXA==",
       "requires": {
         "@types/hast": "^3.0.0",
         "@types/mdast": "^4.0.0",
@@ -41768,9 +41790,9 @@
       }
     },
     "node-forge": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz",
-      "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==",
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.3.tgz",
+      "integrity": "sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==",
       "dev": true
     },
     "node-int64": {
@@ -43454,27 +43476,27 @@
       "dev": true
     },
     "react-router": {
-      "version": "7.6.0",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.6.0.tgz",
-      "integrity": "sha512-GGufuHIVCJDbnIAXP3P9Sxzq3UUsddG3rrI3ut1q6m0FI6vxVBF3JoPQ38+W/blslLH4a5Yutp8drkEpXoddGQ==",
+      "version": "7.13.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.13.0.tgz",
+      "integrity": "sha512-PZgus8ETambRT17BUm/LL8lX3Of+oiLaPuVTRH3l1eLvSPpKO3AvhAEb5N7ihAFZQrYDqkvvWfFh9p0z9VsjLw==",
       "requires": {
         "cookie": "^1.0.1",
         "set-cookie-parser": "^2.6.0"
       },
       "dependencies": {
         "cookie": {
-          "version": "1.0.2",
-          "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.0.2.tgz",
-          "integrity": "sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA=="
+          "version": "1.1.1",
+          "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+          "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ=="
         }
       }
     },
     "react-router-dom": {
-      "version": "7.6.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.6.0.tgz",
-      "integrity": "sha512-DYgm6RDEuKdopSyGOWZGtDfSm7Aofb8CCzgkliTjtu/eDuB0gcsv6qdFhhi8HdtmA+KHkt5MfZ5K2PdzjugYsA==",
+      "version": "7.13.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.13.0.tgz",
+      "integrity": "sha512-5CO/l5Yahi2SKC6rGZ+HDEjpjkGaG/ncEP7eWFTvFxbHP8yeeI0PxTDjimtpXYlR3b3i9/WIL4VJttPrESIf2g==",
       "requires": {
-        "react-router": "7.6.0"
+        "react-router": "7.13.0"
       }
     },
     "react-scripts": {
@@ -44361,9 +44383,9 @@
       "dev": true
     },
     "set-cookie-parser": {
-      "version": "2.7.1",
-      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.1.tgz",
-      "integrity": "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ=="
+      "version": "2.7.2",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.2.tgz",
+      "integrity": "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw=="
     },
     "setimmediate": {
       "version": "1.0.5",
diff --git a/webui/package.json b/webui/package.json
index 6dc5382b41d4dc1afa162d3df6c839fbd8f20b4e..ab47e2effafb12c9c3a28b6ef2419bacb16a62e2 100644
--- a/webui/package.json
+++ b/webui/package.json
@@ -16,7 +16,7 @@
     "moment": "^2.30.1",
     "react": "^19.1.0",
     "react-dom": "^19.1.0",
-    "react-router-dom": "^7.6.0",
+    "react-router-dom": "^7.13.0",
     "rehype-highlight": "^7.0.2",
     "rehype-raw": "^7.0.0",
     "rehype-react": "^8.0.0",

URL `/a/b/c`	HTTP pathname	`request` pathname`
Document	`/a/b/c`	`/a/b/c` ✅
Data	`/a/b/c.data`	`/a/b/c` ✅
URL `/a/b/c/`	HTTP pathname	`request` pathname`
Document	`/a/b/c/`	`/a/b/c/` ✅
Data	`/a/b/c.data`	`/a/b/c` ⚠️