
fix(frontend): bump react-router-dom to ^7.15.0 (Mend CVE remediation)#267

Merged
visahak merged 1 commit into
mainfrom
fix/react-router-cves
Jun 9, 2026

Conversation

@illeatmyhat

@illeatmyhat illeatmyhat commented Jun 9, 2026

Collaborator

What & why

Mend flagged six CVEs against react-router@7.13.1, pulled transitively via react-router-dom: ^7.13.1 in altk_evolve/frontend/ui/package.json. This bumps react-router-dom to ^7.15.0 (the highest fix floor in the set) and refreshes the lockfile. Both react-router and react-router-dom now resolve to 7.17.0 in package-lock.json.

These are React Router Framework / RSC-mode advisories (e.g. the __manifest ReDoS). 7.15.0 is the highest required fix floor across all six.

CVEs cleared

Verification

  • npm run build (includes tsc -b typecheck) — pass
  • npm test -- --run — 6/6 pass
  • No react-router 7.13.x / 7.14.x remains in the lockfile

Notes

Independent of #266. Only package.json + package-lock.json touched. The lockfile diff also prunes three orphaned entries (jsdom, @csstools/css-parser-algorithms, @csstools/css-tokenizer) that nothing in the current tree depended on. Pre-existing npm run lint failures (no-explicit-any, set-state-in-effect) are unrelated to this bump and present on main.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated routing library dependency to a newer version for improved stability and performance.

Bumps react-router-dom from ^7.13.1 to ^7.15.0 in
altk_evolve/frontend/ui to remediate six Mend-flagged advisories in the
transitive react-router dependency. 7.15.0 is the highest fix floor
across the set (CVE-2026-42342 __manifest ReDoS). Resolved lock now
pins react-router/react-router-dom at 7.17.0.

Cleared CVEs:
- CVE-2026-34077
- CVE-2026-40181
- CVE-2026-42342 (highest fix floor: 7.15.0, __manifest ReDoS)
- CVE-2026-33245
- CVE-2026-42211
- CVE-2026-33244

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 9, 2026


Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9bac9416-634b-4800-8d16-0d5e508d66a7

📥 Commits

Reviewing files that changed from the base of the PR and between a8a6fe4 and d5531b1.

⛔ Files ignored due to path filters (1)
  • altk_evolve/frontend/ui/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • altk_evolve/frontend/ui/package.json

📝 Walkthrough

The react-router-dom dependency in the frontend UI package is updated from version ^7.13.1 to ^7.15.0. This is a minor version bump that allows newer compatible releases of the routing library.

Changes

Dependency Version Update

Layer / File(s) Summary
react-router-dom version bump
altk_evolve/frontend/ui/package.json
react-router-dom dependency is updated from ^7.13.1 to ^7.15.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A hop and a skip through version space,
From 7-13 to 7-15 with grace,
Router components dance and align,
The frontend now routes through v2 so fine!
With caret constraints keeping threads in place,
This update brings harmony to the trace.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically summarizes the main change: bumping react-router-dom to ^7.15.0 for CVE remediation.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.


@visahak visahak left a comment

Collaborator

LGTM.

@visahak

visahak commented Jun 9, 2026

Collaborator

Merging this because I want to merge this PR as well #262

@visahak visahak merged commit 6de3712 into main Jun 9, 2026
17 checks passed
@visahak visahak deleted the fix/react-router-cves branch June 9, 2026 17:11