From c31c3ecc5faad489146f3063de690a9791b3e005 Mon Sep 17 00:00:00 2001 From: Vercel Date: Mon, 22 Dec 2025 20:41:45 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- pnpm-lock.yaml | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/package.json b/package.json index 6fd6cb0..3b5a0ed 100644 --- a/package.json +++ b/package.json @@ -79,7 +79,7 @@ "jsonwebtoken": "^9.0.2", "lucide-react": "^0.539.0", "minimatch": "^10.0.3", - "next": "15.4.8", + "next": "15.4.10", "next-auth": "^4.24.11", "next-themes": "^0.4.6", "octokit": "^5.0.3", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0b901b0..61a05a3 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -141,11 +141,11 @@ importers: specifier: ^10.0.3 version: 10.0.3 next: - specifier: 15.4.8 - version: 15.4.8(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + specifier: 15.4.10 + version: 15.4.10(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) next-auth: specifier: ^4.24.11 - version: 4.24.11(next@15.4.8(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + version: 4.24.11(next@15.4.10(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0) next-themes: specifier: ^0.4.6 version: 0.4.6(react-dom@19.1.0(react@19.1.0))(react@19.1.0) @@ -869,8 +869,8 @@ packages: cpu: [x64] os: [win32] - '@next/env@15.4.8': - resolution: {integrity: sha512-LydLa2MDI1NMrOFSkO54mTc8iIHSttj6R6dthITky9ylXV2gCGi0bHQjVCtLGRshdRPjyh2kXbxJukDtBWQZtQ==} + '@next/env@15.4.10': + resolution: {integrity: sha512-knhmoJ0Vv7VRf6pZEPSnciUG1S4bIhWx+qTYBW/AjxEtlzsiNORPk8sFDCEvqLfmKuey56UB9FL1UdHEV3uBrg==} '@next/swc-darwin-arm64@15.4.8': resolution: {integrity: sha512-Pf6zXp7yyQEn7sqMxur6+kYcywx5up1J849psyET7/8pG2gQTVMjU3NzgIt8SeEP5to3If/SaWmaA6H6ysBr1A==} @@ -3822,8 +3822,8 @@ packages: react: ^16.8 || ^17 || ^18 || ^19 || ^19.0.0-rc react-dom: ^16.8 || ^17 || ^18 || ^19 || ^19.0.0-rc - next@15.4.8: - resolution: {integrity: sha512-jwOXTz/bo0Pvlf20FSb6VXVeWRssA2vbvq9SdrOPEg9x8E1B27C2rQtvriAn600o9hH61kjrVRexEffv3JybuA==} + next@15.4.10: + resolution: {integrity: sha512-itVlc79QjpKMFMRhP+kbGKaSG/gZM6RCvwhEbwmCNF06CdDiNaoHcbeg0PqkEa2GOcn8KJ0nnc7+yL7EjoYLHQ==} engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0} hasBin: true peerDependencies: @@ -5509,7 +5509,7 @@ snapshots: '@msgpackr-extract/msgpackr-extract-win32-x64@3.0.3': optional: true - '@next/env@15.4.8': {} + '@next/env@15.4.10': {} '@next/swc-darwin-arm64@15.4.8': optional: true @@ -8909,13 +8909,13 @@ snapshots: natural-compare@1.4.0: {} - next-auth@4.24.11(next@15.4.8(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0): + next-auth@4.24.11(next@15.4.10(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0))(react-dom@19.1.0(react@19.1.0))(react@19.1.0): dependencies: '@babel/runtime': 7.28.3 '@panva/hkdf': 1.2.1 cookie: 0.7.2 jose: 4.15.9 - next: 15.4.8(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) + next: 15.4.10(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0) oauth: 0.9.15 openid-client: 5.7.1 preact: 10.27.1 @@ -8929,9 +8929,9 @@ snapshots: react: 19.1.0 react-dom: 19.1.0(react@19.1.0) - next@15.4.8(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0): + next@15.4.10(@playwright/test@1.55.0)(react-dom@19.1.0(react@19.1.0))(react@19.1.0): dependencies: - '@next/env': 15.4.8 + '@next/env': 15.4.10 '@swc/helpers': 0.5.15 caniuse-lite: 1.0.30001737 postcss: 8.4.31