fix(deps): update dependency react-markdown to v10 #3533

sentry · 2026-02-25T10:02:56Z

Bug: The Markdown.js component uses props (disallowedTypes, escapeHtml, renderers) that were removed in react-markdown v10, causing a breaking change.
_{Severity: HIGH}

Suggested Fix

Update the Markdown.js component to conform to the react-markdown v10 API. Replace the renderers prop with the new components prop and find alternatives for disallowedTypes and escapeHtml functionality according to the library's new documentation.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The project's `Markdown.js` component is being passed props that have been removed in `react-markdown` v10, which is being upgraded in this pull request. Specifically, the component uses `disallowedTypes`, `escapeHtml`, and `renderers`, all of which are deprecated or removed. The `renderers` prop, in particular, has been replaced by a new `components` prop. This incompatibility will cause a runtime error or silent failure, breaking markdown rendering in forms like `CheckoutForm.js`.

sentry · 2026-02-25T14:18:19Z

Bug: The react-markdown upgrade to v10 introduces breaking API changes. The Markdown.js component uses deprecated v5 props, which will cause markdown rendering to fail silently.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to use the react-markdown v10 API. This includes renaming the source prop to children, renderers to components, and disallowedTypes to disallowedElements. Remove usage of the escapeHtml and className props, as they are no longer supported. The tests in Markdown_test.js should also be updated to reflect these new API changes.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` from version 5 to 10 introduces breaking API changes that are not addressed in the `Markdown.js` component. The component continues to pass deprecated props from the v5 API, such as `source`, `renderers`, `disallowedTypes`, and `escapeHtml`. The v10 library expects different props (`children`, `components`, `disallowedElements`) and will silently ignore the old ones. This will cause markdown content, specifically the data consent text in the checkout flow, to fail to render, resulting in a blank section where legal compliance information should appear.

sentry · 2026-02-25T16:38:58Z

Bug: The update to react-markdown v10 causes a silent failure. The component now expects content via the children prop, but the code still passes the deprecated source prop.
_{Severity: CRITICAL}

Suggested Fix

Refactor the Markdown.js wrapper component to accept content via the children prop instead of the source prop. Update all instances where <Markdown> is used, such as in CheckoutForm.js, to pass the markdown content as children, for example: <Markdown>{dataConsent.consent_text}</Markdown>. Also, update related tests.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The pull request upgrades `react-markdown` from v5 to v10. This upgrade spans a breaking change introduced in v7 where the `source` prop was replaced by `children` for passing markdown content. The `Markdown.js` wrapper component and its usages in `CheckoutForm.js` and tests still use the deprecated `source` prop. In `react-markdown` v10, an unrecognized `source` prop is ignored, and since no `children` are provided, the component will render no content. This will result in a silent functional bug where the data sharing consent modal in the checkout form will appear empty.

sentry · 2026-02-26T09:22:47Z

Bug: The Markdown component uses props like renderers, linkReference, and disallowedTypes which were removed or renamed in react-markdown v10, breaking custom link rendering.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to use the react-markdown v10 API. Replace the renderers prop with components, migrate the custom logic from linkReference to the a component, and update other deprecated props like disallowedTypes to disallowedElements. Remove props that no longer exist, such as escapeHtml and className.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` to v10 introduces several breaking changes that are not addressed in the `Markdown.js` component. The component uses deprecated props such as `renderers` (replaced by `components`), `disallowedTypes` (replaced by `disallowedElements`), `escapeHtml` (removed), and `className` (removed). Specifically, the custom `renderers={{ linkReference: ... }}` logic will be silently ignored. This breaks the intended behavior of handling reference-style links and preventing non-URL bracketed text (e.g., `[bracket]`) from becoming links. The component will render this content incorrectly.

sentry · 2026-02-26T15:49:37Z

Bug: The react-markdown upgrade to v10 requires React 18, but the project is on React 16, which will likely cause runtime errors in the checkout flow.
_{Severity: CRITICAL}

Suggested Fix

To resolve this incompatibility, either upgrade the project's React version to ^18.0.0 to meet the new peer dependency requirement, or revert the react-markdown upgrade to a version that is compatible with React 16.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The pull request upgrades `react-markdown` to version 10.1.0, which requires `react` version 18 or greater as a peer dependency. The project's `react` version remains at `^16.8.4`, creating an incompatibility. This mismatch is likely to cause runtime failures when the `Markdown.js` component is rendered, which is used in critical user-facing flows like the `CheckoutForm.js`. The API for `react-markdown` has also changed significantly, which will cause the existing implementation to break.

sentry · 2026-02-26T16:01:37Z

Bug: The react-markdown upgrade to v10 has breaking API changes. The component still uses old props like source, disallowedTypes, and renderers, which are now ignored, causing rendering failures.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to use the new react-markdown v10 API. Replace the source prop with children. Change disallowedTypes={["image"]} to disallowedElements={["img"]}. Replace the renderers prop with components. Remove the className prop and apply styling to a wrapper element if needed. To handle HTML escaping, remove the escapeHtml prop and add the rehype-sanitize plugin.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` from v5 to v10 introduces several breaking API changes that are not addressed in the `Markdown.js` component. The component continues to use props from the old API, such as `source`, `disallowedTypes`, `escapeHtml`, `renderers`, and `className`. In v10, these props are silently ignored. This will cause markdown content to not render (as `source` is replaced by `children`), image blocking to fail (as `disallowedTypes` is now `disallowedElements`), custom link rendering to break (as `renderers` is now `components`), and styling to be lost (as `className` is removed). This also introduces a potential XSS vulnerability because `escapeHtml` is no longer supported and an alternative like `rehype-sanitize` has not been added.

sentry · 2026-02-27T12:09:27Z

Bug: The react-markdown upgrade requires React 18, but the project uses React 16. This will cause the build to fail due to a dependency conflict.
_{Severity: CRITICAL}

Suggested Fix

To resolve the incompatibility, either do not upgrade react-markdown to a version that requires React 18, or upgrade the project's React version to ^18.0.0 or higher. Given the scope, it is likely preferable to find a version of react-markdown compatible with React 16.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The update to `react-markdown` in `package.json` introduces a version that is incompatible with the project's current React version. The new `react-markdown` (v10) requires React 18 or higher, but the project is using React `^16.8.4`. This will cause the package installation or build process to fail, preventing the application from running. The incompatibility is a blocking issue for this upgrade.

sentry · 2026-02-27T18:56:50Z

Bug: The Markdown.js component uses props like source and renderers that were removed in react-markdown v10, which will cause markdown content to fail to render.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to align with the react-markdown v10 API. This includes passing markdown content as children instead of using the source prop, replacing disallowedTypes with disallowedElements, and migrating from the renderers prop to the components prop.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: Upgrading `react-markdown` to version 10 introduces breaking API changes that are not accounted for in the custom `Markdown.js` wrapper component. The component continues to pass a `source` prop, which was removed in v10 in favor of `children`. It also uses other deprecated props like `disallowedTypes`, `escapeHtml`, and `renderers`. This incompatibility will cause the `Markdown` component to fail to render its content. This affects critical user flows, such as the display of the "Data Sharing Policy" in `CheckoutForm.js`, which will prevent users from completing the checkout process.

sentry · 2026-03-03T10:54:35Z

Bug: The react-markdown dependency upgrade to v10 is incomplete. The Markdown.js component uses several props (source, className, renderers, disallowedTypes) that are now deprecated, causing it to break.
_{Severity: HIGH}

Suggested Fix

Update the Markdown.js component to conform to the react-markdown v10 API. This involves replacing the source prop with children, removing the className prop, and migrating from renderers to components and disallowedTypes to disallowedElements with updated values (e.g., 'image' to 'img').

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` from v5 to v10 introduces multiple breaking changes that are not addressed in the `Markdown.js` component. The component uses props such as `source`, `className`, `renderers`, and `disallowedTypes`, which have been removed or replaced in v10. For instance, `source` is replaced by `children`, and `disallowedTypes` is replaced by `disallowedElements`. This will cause the component to fail at runtime, breaking any feature that uses it, such as the consent agreement display in the checkout form. Existing tests for this component are expected to fail, which would block the pull request from being merged.

sentry · 2026-03-03T11:31:02Z

Bug: The upgrade to react-markdown v10 is incompatible with the current React version and uses removed/renamed props (source, renderers, className), causing rendering and functionality to break.
_{Severity: CRITICAL}

Suggested Fix

To fix this, either downgrade react-markdown to a compatible version or, preferably, update the Markdown component to use the new API. This includes upgrading the project to React v18+, changing the source prop to children, renderers to components, disallowedTypes={["image"]} to disallowedElements={["img"]}, and handling styling without the className prop. The escapeHtml prop can be removed as the new version escapes HTML by default.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` from v5.0.3 to v10.0.0 introduces multiple breaking changes that are not addressed in the codebase. Firstly, `react-markdown` v10 has a peer dependency on React v18 or newer, while the project uses React v16, which will likely cause installation or runtime failures. Secondly, several props used by the `Markdown` component have been removed or renamed: `source` is now `children`, `renderers` is now `components`, `disallowedTypes` is now `disallowedElements` (with different value requirements), and `className` has been removed. As a result, the data consent modal will fail to render its content, custom link rendering will break, image blocking will not function, and CSS styling will not be applied.

sentry · 2026-03-04T19:01:15Z

Bug: The Markdown.js component uses props like source and renderers which are deprecated in react-markdown v10, causing rendering failures.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to be compatible with react-markdown v10. Change the source prop to children. Replace the deprecated renderers prop with the components prop, and update other props like disallowedTypes and escapeHtml to their v10 equivalents.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` library is being upgraded to v10, which introduces breaking API changes. The `Markdown.js` component, however, has not been updated to match this new API. It continues to pass a `source` prop for markdown content, but v10 requires this content to be passed as `children`. The component also uses other deprecated or removed props like `disallowedTypes`, `escapeHtml`, and `renderers`. This incompatibility will cause markdown rendering to fail, notably affecting the data consent modal in the checkout flow, which is a critical user path.

sentry · 2026-03-04T23:19:09Z

Bug: The upgrade to react-markdown v10 introduces breaking changes. The Markdown.js component uses removed props like source and renderers, and the new version requires React 18.
_{Severity: CRITICAL}

Suggested Fix

The Markdown.js component needs to be updated to conform to the react-markdown v10 API. This includes passing content as children instead of the source prop, and using components instead of renderers. Alternatively, since the project's React version (16.8.4) is incompatible with react-markdown v10's peer dependency (React >=18), either downgrade react-markdown to a compatible version or upgrade the project's React version.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` library was upgraded from v5 to v10, which introduces several breaking changes that were not addressed. The `Markdown.js` component passes content via the `source` prop, but v10 expects content as `children`. Consequently, no markdown content will be rendered. Additionally, props like `disallowedTypes`, `escapeHtml`, and `renderers` have been removed or renamed, breaking image blocking and custom link handling. Furthermore, `react-markdown` v10 has a peer dependency on React >=18, but the project uses React 16.8.4, which will cause runtime issues.

sentry · 2026-03-05T02:52:35Z

Bug: The Markdown.js component uses props like source and renderers that were removed in react-markdown v10, which will cause a runtime crash and incorrect rendering.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to conform to the react-markdown v10 API. This involves passing the markdown content as children instead of using the source prop. Replace the renderers prop with the new components prop for custom rendering logic. Update disallowedTypes to disallowedElements and remove the obsolete escapeHtml and className props.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` dependency was upgraded from v5 to v10, but the `Markdown.js` component was not updated to use the new API. The component passes a `source` prop to `ReactMarkdown`, which was removed in v10 and will cause a runtime error with the message "Unexpected `source` prop, use `children` instead". This will break any part of the application that uses the `Markdown` component, such as the data sharing policy modal in the checkout form. Additionally, other props like `renderers`, `disallowedTypes`, `escapeHtml`, and `className` are now obsolete and will be ignored, leading to incorrect rendering, loss of custom link handling, and potential security issues like images rendering when they should be blocked.

sentry · 2026-03-05T07:57:16Z

Bug: Upgrading react-markdown to v10 introduces breaking API changes. The Markdown.js component still uses removed props like source and disallowedTypes, which will cause rendering failures and functional regressions.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to be compatible with react-markdown v10. Replace the source prop with children, disallowedTypes={["image"]} with disallowedElements={['img']}, renderers with components, and remove the escapeHtml and className props.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` from v5.0.3 to v10.0.0 introduces several breaking API changes that are not addressed in the `Markdown.js` component. The `source` prop has been replaced by `children`, which will cause markdown content, such as the data sharing policy in the checkout form, to fail to render. Additionally, the `disallowedTypes` prop is now `disallowedElements`, `renderers` is now `components`, and the `escapeHtml` and `className` props have been removed. These unhandled changes will lead to broken functionality, such as images rendering when they should be blocked, and will likely break the checkout flow.

sentry · 2026-03-05T11:42:39Z

Bug: The Markdown.js component uses a deprecated API for react-markdown v10, causing markdown content to not render and other features to break.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to conform to the react-markdown v10 API. Change the source prop to children, disallowedTypes to disallowedElements, and renderers to components. Remove the unsupported escapeHtml and className props. Ensure callers of Markdown.js pass the markdown content as a child element instead of a source prop.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` library was upgraded from v5 to v10, but the `Markdown.js` component was not updated to use the new API. The component still passes props like `source`, `disallowedTypes`, `renderers`, `escapeHtml`, and `className`, which have been removed or renamed in v10. As a result, markdown content passed via the `source` prop will not render, image filtering via `disallowedTypes` will fail, and custom link rendering logic via `renderers` will be ignored. This will cause markdown to be displayed as empty content and break existing functionality and tests.

sentry · 2026-03-05T12:35:28Z

Bug: Upgrading react-markdown to v10 without updating the Markdown.js component will cause a runtime crash because the source prop is no longer supported.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to align with the react-markdown v10 API. This involves changing how content is passed from the source prop to the children prop. For example, <ReactMarkdown {...props}>{source}</ReactMarkdown>. Additionally, the disallowedTypes prop should be renamed to disallowedElements, and its value updated from ["image"] to ["img"].

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` library was upgraded to version 10, which introduces breaking API changes. The `Markdown.js` component was not updated to reflect these changes. Specifically, `react-markdown` v10 no longer accepts the `source` prop for passing markdown content, requiring the `children` prop instead. The library will throw a runtime error: "Unexpected `source` prop, use `children` instead". This error will occur when the `CheckoutForm` component attempts to render the data sharing policy modal, causing the application to crash and preventing users from completing the checkout flow.

sentry · 2026-03-05T12:53:24Z

Bug: Upgrading react-markdown to v10 is a breaking change. The Markdown.js component still uses the old source prop, which will cause a runtime error and break the checkout flow.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component and its usages to comply with the react-markdown v10 API. This includes replacing the source prop with children, and migrating the logic from disallowedTypes and renderers to the new components prop API to correctly block images and handle custom link rendering.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` dependency was upgraded to v10.0.0, which introduces breaking API changes. The `Markdown.js` component, however, was not updated and still uses props from the old v5 API. Specifically, it passes a `source` prop, which was removed in v10 in favor of using `children`. This will cause a runtime error: `"Unexpected 'source' prop, use 'children' instead"`. This component is used in the checkout flow to render a data consent modal, and this error will break the modal, preventing users from completing purchases. Additionally, other props like `disallowedTypes`, `escapeHtml`, and `renderers` are now ignored, breaking image-blocking and custom link rendering logic.

sentry · 2026-03-09T10:54:12Z

Bug: The react-markdown upgrade to v10 introduces breaking API changes. The Markdown.js component uses deprecated props (source, renderers, disallowedTypes), which will cause runtime errors or incorrect rendering.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component to align with the react-markdown v10 API. Replace the source prop by passing markdown content as children. Change the renderers prop to components and update its structure. Replace disallowedTypes={["image"]} with disallowedElements={["img"]}. Finally, remove the escapeHtml prop, as its behavior is now default.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The upgrade of `react-markdown` from version 5 to 10 introduces several breaking API changes that are not addressed in the `Markdown.js` component. The component continues to use props that have been removed or renamed, including `source`, `disallowedTypes`, `renderers`, and `escapeHtml`. The use of the `source` prop, which was replaced by passing content as `children`, is expected to cause a runtime error and prevent the component from rendering. This will affect user-facing content, such as the Data Sharing Policy in the checkout flow. Additionally, the renaming of `renderers` to `components` and `disallowedTypes` to `disallowedElements` will cause custom rendering logic and element restrictions to be silently ignored, leading to incorrect output.

sentry · 2026-03-09T16:14:16Z

Bug: The react-markdown upgrade to v10 breaks the Markdown.js component, which still uses the old v5 API for props like source, renderers, and disallowedTypes.
_{Severity: CRITICAL}

Suggested Fix

Update the Markdown.js component and its usages to be compatible with react-markdown v10. This includes passing content as children instead of the source prop, using the components prop instead of renderers for custom elements, and using disallowedElements instead of disallowedTypes.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: package.json#L89 Potential issue: The `react-markdown` library was upgraded from v5 to v10, but the `Markdown.js` component was not updated to use the new API. This will cause multiple issues. The `source` prop is no longer supported and content must be passed as `children`, which will cause the Data Sharing Policy modal in the checkout flow to appear blank. Additionally, other props like `disallowedTypes`, `className`, and `renderers` are deprecated and will be ignored. This breaks image blocking functionality and custom link rendering, which are explicitly covered by existing tests.

-Original file line number
+Diff line change
@@ Expand Up / @@ -86,7 +86,7 @@ @@
         "react-ga": "^2.2.0",
         "react-google-recaptcha": "^1.0.5",
         "react-hot-loader": "^4.8.0",
-        "react-markdown": "^5.0.3",
+        "react-markdown": "^10.0.0",
         "react-picky": "^5.3.2",
         "react-redux": "^5.0.5",
         "react-router": "^4.1.1",
@@ Expand Down @@

fix(deps): update dependency react-markdown to v10 #3533

Are you sure you want to change the base?

Uh oh!

fix(deps): update dependency react-markdown to v10 #3533

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

sentry bot Feb 25, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 25, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 25, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 26, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 26, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 26, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 27, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Feb 27, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 3, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 4, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 4, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 5, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 9, 2026

Choose a reason for hiding this comment

Uh oh!

sentry bot Mar 9, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!