Commit 047ee0d
Update Next.js/React Flight packages for RCE advisory (#29)
# React Flight / Next.js RCE Advisory Fix
## Summary
Updated the repository to address the React Flight / Next.js RCE advisory by upgrading Next.js to a patched version.
## Analysis
Scanned all workspace package.json files to identify affected packages:
- **apps/website/package.json**: Contains `next@16.0.3` (VULNERABLE)
- **apps/app/package.json**: Does not use Next.js or React Flight packages
- **packages/agent-cli-sdk/package.json**: No Next.js or React Flight packages
- **packages/agentcmd-workflows/package.json**: No Next.js or React Flight packages
No React Flight packages (`react-server-dom-webpack`, `react-server-dom-parcel`, `react-server-dom-turbopack`) were found in the project.
## Changes Made
### Modified Files
- **apps/website/package.json**: Upgraded `next` from `16.0.3` to `16.0.7`
- React and React DOM were not modified as they are already at safe versions (19.2.0)
- Next.js version 16.0.7 includes the security fix for the RCE vulnerability
### Updated Lockfiles
- **pnpm-lock.yaml**: Updated to reflect the new Next.js 16.0.7 dependency and all transitive dependencies
## Verification
✅ Successfully ran `pnpm install` to update lockfiles
✅ Verified that `next@16.0.7` is correctly resolved in pnpm-lock.yaml
✅ Successfully built the website app with `pnpm build` to confirm no regressions
## Implementation Details
- Only the affected package (Next.js in the website app) was upgraded to the patched version
- No changes were made to React or React DOM as per the advisory instructions (Next.js handles these automatically)
- All peer dependency warnings are pre-existing and unrelated to this fix
- The build completed successfully with no errors
## Security Impact
The upgrade from Next.js 16.0.3 to 16.0.7 addresses the React Flight / Next.js RCE advisory by including security patches that prevent remote code execution attacks through the React Flight protocol.
Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
1 parent 87a9140 commit 047ee0d
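The lockfile check in the Verification list can be automated so that it also catches a stale vulnerable copy left beside the patched one. The following is an added example, not code from this commit or repository: the function names and the sample lockfile text are constructed, and it assumes pnpm-lock.yaml entries of the form `name@x.y.z` and a single release line (the `16.0.7` floor is the one version this page names as patched).

```javascript
// Added example: list every resolved version of a package in pnpm-lock.yaml
// text and flag the ones below a patched floor.

// Constructed sample lockfile text (not this repository's pnpm-lock.yaml).
const SAMPLE_LOCK = `
importers:
  apps/website:
    dependencies:
      next:
        specifier: 16.0.7
        version: 16.0.7(react-dom@19.2.0(react@19.2.0))(react@19.2.0)
packages:
  next@16.0.3:
    resolution: {integrity: sha512-CONSTRUCTED}
  next@16.0.7:
    resolution: {integrity: sha512-CONSTRUCTED}
  eslint-config-next@16.0.3:
    resolution: {integrity: sha512-CONSTRUCTED}
`;

// Every distinct version the lockfile resolves for exactly `name`.
// The lookbehind keeps `next` from matching inside `eslint-config-next`
// or a scoped name such as `@scope/next`.
function resolvedVersions(lockText, name) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp(
    `(?<![\\w@./-])/?${esc}@(\\d+\\.\\d+\\.\\d+(?:-[\\w.]+)*)`, 'g');
  const seen = new Set();
  for (const m of lockText.matchAll(re)) seen.add(m[1]);
  return [...seen];
}

// True when `version` sorts below `floor` (major.minor.patch comparison).
function isBelow(version, floor) {
  const [a, b] = [version, floor].map(
    (v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  // Same numbers: a prerelease of the floor still sorts below the floor.
  return version.includes('-') && !floor.includes('-');
}

// Resolved versions of `name` that are still below the patched floor.
// Assumption: one release line; other lines need their own floor.
function staleResolutions(lockText, name, floor) {
  return resolvedVersions(lockText, name).filter((v) => isBelow(v, floor));
}

console.log(staleResolutions(SAMPLE_LOCK, 'next', '16.0.7'));
```

A non-empty result means some importer or transitive dependency still pins the old version even though the manifest was bumped.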
2 files changed
Lines changed: 75 additions & 75 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
| |||
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
51 | | - | |
| 51 | + | |
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
| |||
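Review bot: the second hunk changes line 51 in addition to the line-34 change in the first hunk, but the commit message accounts for only one edited manifest line, the `next` bump from `16.0.3` to `16.0.7`. Name the line-51 change in the message, or move it to its own commit if it is unrelated to the advisory, so the security fix can be audited as a single dependency bump. The page also reports 2 files changed with 75 additions and 75 deletions, so the pnpm-lock.yaml diff should be checked to confirm that no `next@16.0.3` entry survives alongside `next@16.0.7`.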