Fixed 2 security vulnerabilities that could result in cache-poisoning attacks by sending specific headers intended for build-time usage for SPA Mode and Pre-rendering (GHSA-f46r-rw29-r322, GHSA-cpj6-fhp6-mr6j).

Patch Changes

react-router - Adjust approach for Pre-rendering/SPA Mode via headers (#13453)
react-router - Update Single Fetch to also handle the 204 redirects used in ?_data requests in Remix v2 (#13364)
- This allows applications to trigger a redirect on .data requests from outside the scope of React Router (i.e., an express/hono middleware) the same way they did in Remix v2 before Single Fetch was implemented
- This is a bit of an escape hatch - the recommended way to handle this is redirecting from a root route middleware
- To use this functionality, you may return from a .data request wih a response as follows:
  - Set a 204 status code
  - Set an X-Remix-Redirect: <new-location> header
  - Optionally, set X-Remix-Replace: true or X-Remix-Reload-Document: true headers to replicate replace()/redirectDocument() functionality
- ⚠️ Please note that these responses rely on implementation details that are subject to change without a SemVer major release, and it is recommended you set up integration tests for your application to confirm this functionality is working correctly with each future React Router upgrade