chore(deps): update dependency @remix-run/node to v2.17.2 [security]#3899

Open
renovate[bot] wants to merge 1 commit into main from renovate-npm-remix-run-node-vulnerability

@renovate renovate bot commented Apr 15, 2026

This PR contains the following updates:

Package: @remix-run/node (source)
Change: 2.16.4 → 2.17.2

GitHub Vulnerability Alerts

CVE-2025-61686

If applications use createFileSessionStorage() from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files.

Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information.

Severity
  • CVSS Score: 9.1 / 10 (Critical)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Release Notes

remix-run/remix (@remix-run/node)

v2.17.0

v2.16.5

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
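
Added example (not part of the bot's comment and not Remix or React Router code): one way a file-backed session store can keep a cookie-supplied session ID inside its directory, which is the failure the advisory above describes for unsigned cookies. The function name `sessionFilePath`, the hex ID format, the two-level file layout and the `/srv/app/sessions` path are assumptions for illustration.

```javascript
// Added example, not Remix source. Names, ID format and layout are assumptions.
const path = require("node:path");

// Assumed policy: IDs the server itself issues are 16-64 lowercase hex characters.
const SESSION_ID = /^[0-9a-f]{16,64}$/;

/**
 * Map a session ID taken from a cookie to a file under `dir`.
 * Returns the absolute path, or null if the ID must be rejected.
 */
function sessionFilePath(dir, id) {
  // 1. Allow-list the ID shape. This rejects "..", path separators,
  //    NUL bytes and absolute paths before any path is built.
  if (typeof id !== "string" || !SESSION_ID.test(id)) return null;

  // 2. Defence in depth: resolve the path and confirm it is still inside `dir`,
  //    so a later change to the ID format cannot silently reopen the hole.
  const root = path.resolve(dir);
  const file = path.resolve(root, id.slice(0, 4), id.slice(4));
  const rel = path.relative(root, file);
  if (rel === "" || rel.startsWith("..") || path.isAbsolute(rel)) return null;

  return file;
}

// Constructed sample IDs, as they might arrive in an unsigned cookie.
const samples = [
  "0123456789abcdef0123456789abcdef", // well-formed
  "../../../../etc/app/config",       // parent-directory traversal
  "/var/lib/app/other-file",          // absolute path
  "0123456789abcdef/../../x",         // traversal after a valid-looking prefix
];
for (const id of samples) {
  console.log(JSON.stringify(id), "->", sessionFilePath("/srv/app/sessions", id));
}
```

Signing the session cookie remains the primary control, since it stops a client from choosing the ID at all; the containment check covers the case where that control is missing or misconfigured.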

@renovate renovate bot added the dependencies Pull requests that update a dependency label Apr 15, 2026

netlify bot commented Apr 15, 2026

Deploy Preview for brilliant-pasca-3e80ec canceled.

🔨 Latest commit: a4dcd35
🔍 Latest deploy log: https://app.netlify.com/projects/brilliant-pasca-3e80ec/deploys/69e00b698f2e290008cf5f52

@github-actions

🚀 Performance Test Results

Test Configuration:

  • VUs: 4
  • Duration: 1m0s

Test Metrics:

  • Requests/s: 48.26
  • Iterations/s: 16.08
  • Failed Requests: 0.00% (0 of 2902)
📜 Logs

> performance@1.0.0 run-tests:testenv /home/runner/work/rafiki/rafiki/test/performance
> ./scripts/run-tests.sh -e test "-k" "-q" "--vus" "4" "--duration" "1m"

Cloud Nine GraphQL API is up: http://localhost:3101/graphql
Cloud Nine Wallet Address is up: http://localhost:3100/
Happy Life Bank Address is up: http://localhost:4100/
cloud-nine-wallet-test-backend already set
cloud-nine-wallet-test-auth already set
happy-life-bank-test-backend already set
happy-life-bank-test-auth already set
     data_received..................: 1.0 MB 17 kB/s
     data_sent......................: 2.2 MB 37 kB/s
     http_req_blocked...............: avg=7.1µs    min=2.17µs   med=5.51µs   max=825.19µs p(90)=6.62µs   p(95)=7.25µs  
     http_req_connecting............: avg=524ns    min=0s       med=0s       max=683.89µs p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=82.24ms  min=7.47ms   med=67.96ms  max=381.84ms p(90)=140.81ms p(95)=163.55ms
       { expected_response:true }...: avg=82.24ms  min=7.47ms   med=67.96ms  max=381.84ms p(90)=140.81ms p(95)=163.55ms
     http_req_failed................: 0.00%  ✓ 0         ✗ 2902
     http_req_receiving.............: avg=90.44µs  min=28.67µs  med=79.94µs  max=1.51ms   p(90)=114.74µs p(95)=145.42µs
     http_req_sending...............: avg=35.51µs  min=9.98µs   med=29.03µs  max=1.05ms   p(90)=42.31µs  p(95)=58.84µs 
     http_req_tls_handshaking.......: avg=0s       min=0s       med=0s       max=0s       p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=82.12ms  min=7.31ms   med=67.78ms  max=381.75ms p(90)=140.69ms p(95)=163.44ms
     http_reqs......................: 2902   48.255863/s
     iteration_duration.............: avg=248.46ms min=158.94ms med=235.82ms max=786.17ms p(90)=308.39ms p(95)=335.74ms
     iterations.....................: 967    16.079745/s
     vus............................: 4      min=4       max=4 
     vus_max........................: 4      min=4       max=4 
