From 9aff479c1139a4caebd09198270eea1a7cbb6115 Mon Sep 17 00:00:00 2001 From: Vercel Date: Fri, 6 Mar 2026 07:31:15 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- pnpm-lock.yaml | 109 +++++++++++++++++++++++++------------------------ 2 files changed, 56 insertions(+), 55 deletions(-) diff --git a/package.json b/package.json index bc5ea80..8d2c2c8 100644 --- a/package.json +++ b/package.json @@ -30,7 +30,7 @@ "framer-motion": "^12.4.7", "geist": "^1.3.0", "motion": "^12.4.7", - "next": "^15.0.1", + "next": "15.0.7", "next-view-transitions": "^0.3.4", "postgres": "^3.4.4", "react": "^18.3.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index e543593..297755b 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -34,16 +34,16 @@ importers: version: 12.4.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) geist: specifier: ^1.3.0 - version: 1.3.1(next@15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1)) + version: 1.3.1(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1)) motion: specifier: ^12.4.7 version: 12.4.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) next: - specifier: ^15.0.1 - version: 15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + specifier: 15.0.7 + version: 15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) next-view-transitions: specifier: ^0.3.4 - version: 0.3.4(next@15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + version: 0.3.4(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1) postgres: specifier: ^3.4.4 version: 3.4.5 @@ -616,56 +616,56 @@ packages: '@jridgewell/trace-mapping@0.3.25': resolution: {integrity: sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==} - '@next/env@15.1.7': - resolution: {integrity: sha512-d9jnRrkuOH7Mhi+LHav2XW91HOgTAWHxjMPkXMGBc9B2b7614P7kjt8tAplRvJpbSt4nbO1lugcT/kAaWzjlLQ==} + '@next/env@15.0.7': + resolution: {integrity: sha512-g/v9G2Xmv9T6w/DcRdcdVkLuAHnGt5fcJ3C33PmPrrdtUrwrjXcT4jXasdedSbw+koXa4YeEA3nPgy6q2wmk2A==} '@next/eslint-plugin-next@15.1.7': resolution: {integrity: sha512-kRP7RjSxfTO13NE317ek3mSGzoZlI33nc/i5hs1KaWpK+egs85xg0DJ4p32QEiHnR0mVjuUfhRIun7awqfL7pQ==} - '@next/swc-darwin-arm64@15.1.7': - resolution: {integrity: sha512-hPFwzPJDpA8FGj7IKV3Yf1web3oz2YsR8du4amKw8d+jAOHfYHYFpMkoF6vgSY4W6vB29RtZEklK9ayinGiCmQ==} + '@next/swc-darwin-arm64@15.0.5': + resolution: {integrity: sha512-BrNm/9BZoV6QEFKFZdgZRyYwhdhxV8GhW+U4D5cdkT4Wefj7YflAUZNx2FWyBPp7utBPCgJXnVbVLhlDoIfKFg==} engines: {node: '>= 10'} cpu: [arm64] os: [darwin] - '@next/swc-darwin-x64@15.1.7': - resolution: {integrity: sha512-2qoas+fO3OQKkU0PBUfwTiw/EYpN+kdAx62cePRyY1LqKtP09Vp5UcUntfZYajop5fDFTjSxCHfZVRxzi+9FYQ==} + '@next/swc-darwin-x64@15.0.5': + resolution: {integrity: sha512-SkpRdqyJLhmU6Ip0dHrZ5mLMQgTU0MlTASRwqCj6NXQJ04eS4QzBgEUUOPX+tsUOQ+KSVMgX/iQaWgQHNMyyCQ==} engines: {node: '>= 10'} cpu: [x64] os: [darwin] - '@next/swc-linux-arm64-gnu@15.1.7': - resolution: {integrity: sha512-sKLLwDX709mPdzxMnRIXLIT9zaX2w0GUlkLYQnKGoXeWUhcvpCrK+yevcwCJPdTdxZEUA0mOXGLdPsGkudGdnA==} + '@next/swc-linux-arm64-gnu@15.0.5': + resolution: {integrity: sha512-nk+6BAIkIHTeQg+U1uqGpZ8K1KSAbhq80EkSgpgPC6wBmRkEeBitn4yL9C0fUiEPeZ3zN4yrvI635GG/H2QmSQ==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] - '@next/swc-linux-arm64-musl@15.1.7': - resolution: {integrity: sha512-zblK1OQbQWdC8fxdX4fpsHDw+VSpBPGEUX4PhSE9hkaWPrWoeIJn+baX53vbsbDRaDKd7bBNcXRovY1hEhFd7w==} + '@next/swc-linux-arm64-musl@15.0.5': + resolution: {integrity: sha512-CozywhydLroNNz1AMKdKKVBuRc0UIBG7TlVgXXn51MdZo4sMbfApOlQFUyuAbKJbe67vd39Yib2lVVVDfLTtfw==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] - '@next/swc-linux-x64-gnu@15.1.7': - resolution: {integrity: sha512-GOzXutxuLvLHFDAPsMP2zDBMl1vfUHHpdNpFGhxu90jEzH6nNIgmtw/s1MDwpTOiM+MT5V8+I1hmVFeAUhkbgQ==} + '@next/swc-linux-x64-gnu@15.0.5': + resolution: {integrity: sha512-VWfvl8toyC/5Rn1GgKfiASYgssCsxz4GtwK2cFKmmnyGfoKubFc6DfCI5MzBoe2Q2gzd2CeZDoT1BhuutSiL7A==} engines: {node: '>= 10'} cpu: [x64] os: [linux] - '@next/swc-linux-x64-musl@15.1.7': - resolution: {integrity: sha512-WrZ7jBhR7ATW1z5iEQ0ZJfE2twCNSXbpCSaAunF3BKcVeHFADSI/AW1y5Xt3DzTqPF1FzQlwQTewqetAABhZRQ==} + '@next/swc-linux-x64-musl@15.0.5': + resolution: {integrity: sha512-xCD/V4Z55eFtG2SNyXgG3ciIikcxNe4FgmgcW4xTaEcLY59ZJVLxx4PLve2vDgp7xqvwDD4vvUsJuFMuQ12oGg==} engines: {node: '>= 10'} cpu: [x64] os: [linux] - '@next/swc-win32-arm64-msvc@15.1.7': - resolution: {integrity: sha512-LDnj1f3OVbou1BqvvXVqouJZKcwq++mV2F+oFHptToZtScIEnhNRJAhJzqAtTE2dB31qDYL45xJwrc+bLeKM2Q==} + '@next/swc-win32-arm64-msvc@15.0.5': + resolution: {integrity: sha512-OmKXP/mUzY+AiDFk9PR3RoM6YfgzNYhtSbfvTUDk3PxoCLKnwTZ8xsFoWX2ph/RFC25QucTeAFepouGGsdBPAg==} engines: {node: '>= 10'} cpu: [arm64] os: [win32] - '@next/swc-win32-x64-msvc@15.1.7': - resolution: {integrity: sha512-dC01f1quuf97viOfW05/K8XYv2iuBgAxJZl7mbCKEjMgdQl5JjAKJ0D2qMKZCgPWDeFbFT0Q0nYWwytEW0DWTQ==} + '@next/swc-win32-x64-msvc@15.0.5': + resolution: {integrity: sha512-O34P9asvZtdNQ+4sEczSLruYvM7XEQKY/FCwRAeQQnrWW3tol3VEuv2GtnFb1YHsP3lZtagd11UYJqrs0Y0r2A==} engines: {node: '>= 10'} cpu: [x64] os: [win32] @@ -699,8 +699,8 @@ packages: '@swc/counter@0.1.3': resolution: {integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==} - '@swc/helpers@0.5.15': - resolution: {integrity: sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g==} + '@swc/helpers@0.5.13': + resolution: {integrity: sha512-UoKGxQ3r5kYI9dALKJapMmuK+1zWM/H17Z1+iwnNmzcJRnfFuevZs375TA5rW31pu4BS4NoSy1fRsexDXfWn5w==} '@t3-oss/env-core@0.10.1': resolution: {integrity: sha512-GcKZiCfWks5CTxhezn9k5zWX3sMDIYf6Kaxy2Gx9YEQftFcz8hDRN56hcbylyAO3t4jQnQ5ifLawINsNgCDpOg==} @@ -1477,11 +1477,12 @@ packages: glob@10.4.5: resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me hasBin: true glob@7.2.3: resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} - deprecated: Glob versions prior to v9 are no longer supported + deprecated: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me globals@13.24.0: resolution: {integrity: sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==} @@ -1812,16 +1813,16 @@ packages: react: ^18.2.0 react-dom: ^18.2.0 - next@15.1.7: - resolution: {integrity: sha512-GNeINPGS9c6OZKCvKypbL8GTsT5GhWPp4DM0fzkXJuXMilOO2EeFxuAY6JZbtk6XIl6Ws10ag3xRINDjSO5+wg==} + next@15.0.7: + resolution: {integrity: sha512-Vl6fLEuOP1MgtEmDrY51BQr6Bl8oC8vDSHdA10xZWPPZa6e+dOwYNDLWHjvTktNLZkKYySpsW3Yzy4Lo+JORkw==} engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0} hasBin: true peerDependencies: '@opentelemetry/api': ^1.1.0 '@playwright/test': ^1.41.2 babel-plugin-react-compiler: '*' - react: ^18.2.0 || 19.0.0-rc-de68d2f4-20241204 || ^19.0.0 - react-dom: ^18.2.0 || 19.0.0-rc-de68d2f4-20241204 || ^19.0.0 + react: ^18.2.0 || 19.0.0-rc-66855b96-20241106 || ^19.0.0 + react-dom: ^18.2.0 || 19.0.0-rc-66855b96-20241106 || ^19.0.0 sass: ^1.3.0 peerDependenciesMeta: '@opentelemetry/api': @@ -2750,34 +2751,34 @@ snapshots: '@jridgewell/resolve-uri': 3.1.2 '@jridgewell/sourcemap-codec': 1.5.0 - '@next/env@15.1.7': {} + '@next/env@15.0.7': {} '@next/eslint-plugin-next@15.1.7': dependencies: fast-glob: 3.3.1 - '@next/swc-darwin-arm64@15.1.7': + '@next/swc-darwin-arm64@15.0.5': optional: true - '@next/swc-darwin-x64@15.1.7': + '@next/swc-darwin-x64@15.0.5': optional: true - '@next/swc-linux-arm64-gnu@15.1.7': + '@next/swc-linux-arm64-gnu@15.0.5': optional: true - '@next/swc-linux-arm64-musl@15.1.7': + '@next/swc-linux-arm64-musl@15.0.5': optional: true - '@next/swc-linux-x64-gnu@15.1.7': + '@next/swc-linux-x64-gnu@15.0.5': optional: true - '@next/swc-linux-x64-musl@15.1.7': + '@next/swc-linux-x64-musl@15.0.5': optional: true - '@next/swc-win32-arm64-msvc@15.1.7': + '@next/swc-win32-arm64-msvc@15.0.5': optional: true - '@next/swc-win32-x64-msvc@15.1.7': + '@next/swc-win32-x64-msvc@15.0.5': optional: true '@nodelib/fs.scandir@2.1.5': @@ -2803,7 +2804,7 @@ snapshots: '@swc/counter@0.1.3': {} - '@swc/helpers@0.5.15': + '@swc/helpers@0.5.13': dependencies: tslib: 2.8.1 @@ -3701,9 +3702,9 @@ snapshots: functions-have-names@1.2.3: {} - geist@1.3.1(next@15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1)): + geist@1.3.1(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1)): dependencies: - next: 15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + next: 15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) get-intrinsic@1.2.7: dependencies: @@ -4062,17 +4063,17 @@ snapshots: natural-compare@1.4.0: {} - next-view-transitions@0.3.4(next@15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1): + next-view-transitions@0.3.4(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-dom@18.3.1(react@18.3.1))(react@18.3.1): dependencies: - next: 15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + next: 15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) react: 18.3.1 react-dom: 18.3.1(react@18.3.1) - next@15.1.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1): + next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1): dependencies: - '@next/env': 15.1.7 + '@next/env': 15.0.7 '@swc/counter': 0.1.3 - '@swc/helpers': 0.5.15 + '@swc/helpers': 0.5.13 busboy: 1.6.0 caniuse-lite: 1.0.30001700 postcss: 8.4.31 @@ -4080,14 +4081,14 @@ snapshots: react-dom: 18.3.1(react@18.3.1) styled-jsx: 5.1.6(react@18.3.1) optionalDependencies: - '@next/swc-darwin-arm64': 15.1.7 - '@next/swc-darwin-x64': 15.1.7 - '@next/swc-linux-arm64-gnu': 15.1.7 - '@next/swc-linux-arm64-musl': 15.1.7 - '@next/swc-linux-x64-gnu': 15.1.7 - '@next/swc-linux-x64-musl': 15.1.7 - '@next/swc-win32-arm64-msvc': 15.1.7 - '@next/swc-win32-x64-msvc': 15.1.7 + '@next/swc-darwin-arm64': 15.0.5 + '@next/swc-darwin-x64': 15.0.5 + '@next/swc-linux-arm64-gnu': 15.0.5 + '@next/swc-linux-arm64-musl': 15.0.5 + '@next/swc-linux-x64-gnu': 15.0.5 + '@next/swc-linux-x64-musl': 15.0.5 + '@next/swc-win32-arm64-msvc': 15.0.5 + '@next/swc-win32-x64-msvc': 15.0.5 sharp: 0.33.5 transitivePeerDependencies: - '@babel/core'