From fe4664f6d30d2fc41cef6c087297f7d5f4038fc5 Mon Sep 17 00:00:00 2001 From: Vercel Date: Sat, 13 Dec 2025 00:23:22 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- pnpm-lock.yaml | 98 +++++++++++++++++++++++--------------------------- 2 files changed, 45 insertions(+), 55 deletions(-) diff --git a/package.json b/package.json index 0a224d1..9c5bf8d 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "highlight.js": "^11.8.0", "input-otp": "^1.0.1", "lucide-react": "^0.542.0", - "next": "^15.5.2", + "next": "15.5.9", "next-mdx-remote-client": "^2.1.3", "next-themes": "^0.2.1", "pm2": "^5.3.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 94d3325..2b4cb29 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -10,7 +10,7 @@ dependencies: version: 5.0.0(graphql@16.11.0) '@as-integrations/next': specifier: ^4.0.0 - version: 4.0.0(@apollo/server@5.0.0)(next@15.5.2) + version: 4.0.0(@apollo/server@5.0.0)(next@15.5.9) '@eslint/eslintrc': specifier: ^3 version: 3.3.1 @@ -93,14 +93,14 @@ dependencies: specifier: ^0.542.0 version: 0.542.0(react@19.1.1) next: - specifier: ^15.5.2 - version: 15.5.2(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2) + specifier: 15.5.9 + version: 15.5.9(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2) next-mdx-remote-client: specifier: ^2.1.3 version: 2.1.3(@types/react@19.1.12)(react-dom@19.1.1)(react@19.1.1)(unified@11.0.5) next-themes: specifier: ^0.2.1 - version: 0.2.1(next@15.5.2)(react-dom@19.1.1)(react@19.1.1) + version: 0.2.1(next@15.5.9)(react-dom@19.1.1)(react@19.1.1) pm2: specifier: ^5.3.0 version: 5.3.0 @@ -346,7 +346,7 @@ packages: engines: {node: '>=16'} dev: false - /@as-integrations/next@4.0.0(@apollo/server@5.0.0)(next@15.5.2): + /@as-integrations/next@4.0.0(@apollo/server@5.0.0)(next@15.5.9): resolution: {integrity: sha512-vFcm+j1MziybU66uijh1CXJ0BlRIlIMxO6JGtNqnz5maGf/nrGsOO4CqVpG7mUEmcw9rK8fwhCTwQbWQcijRjg==} engines: {node: '>=20'} peerDependencies: @@ -354,7 +354,7 @@ packages: next: ^12.0.0 || ^13.0.0 || ^14.0.0 || ^15.0.0 dependencies: '@apollo/server': 5.0.0(graphql@16.11.0) - next: 15.5.2(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2) + next: 15.5.9(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2) dev: false /@babel/code-frame@7.27.1: @@ -911,8 +911,8 @@ packages: react: 19.1.1 dev: false - /@next/env@15.5.2: - resolution: {integrity: sha512-Qe06ew4zt12LeO6N7j8/nULSOe3fMXE4dM6xgpBQNvdzyK1sv5y4oAP3bq4LamrvGCZtmRYnW8URFCeX5nFgGg==} + /@next/env@15.5.9: + resolution: {integrity: sha512-4GlTZ+EJM7WaW2HEZcyU317tIQDjkQIyENDLxYJfSWlfqguN+dHkZgyQTV/7ykvobU7yEH5gKvreNrH4B6QgIg==} dev: false /@next/eslint-plugin-next@15.5.2: @@ -937,8 +937,8 @@ packages: source-map: 0.7.4 dev: false - /@next/swc-darwin-arm64@15.5.2: - resolution: {integrity: sha512-8bGt577BXGSd4iqFygmzIfTYizHb0LGWqH+qgIF/2EDxS5JsSdERJKA8WgwDyNBZgTIIA4D8qUtoQHmxIIquoQ==} + /@next/swc-darwin-arm64@15.5.7: + resolution: {integrity: sha512-IZwtxCEpI91HVU/rAUOOobWSZv4P2DeTtNaCdHqLcTJU4wdNXgAySvKa/qJCgR5m6KI8UsKDXtO2B31jcaw1Yw==} engines: {node: '>= 10'} cpu: [arm64] os: [darwin] @@ -946,8 +946,8 @@ packages: dev: false optional: true - /@next/swc-darwin-x64@15.5.2: - resolution: {integrity: sha512-2DjnmR6JHK4X+dgTXt5/sOCu/7yPtqpYt8s8hLkHFK3MGkka2snTv3yRMdHvuRtJVkPwCGsvBSwmoQCHatauFQ==} + /@next/swc-darwin-x64@15.5.7: + resolution: {integrity: sha512-UP6CaDBcqaCBuiq/gfCEJw7sPEoX1aIjZHnBWN9v9qYHQdMKvCKcAVs4OX1vIjeE+tC5EIuwDTVIoXpUes29lg==} engines: {node: '>= 10'} cpu: [x64] os: [darwin] @@ -955,8 +955,8 @@ packages: dev: false optional: true - /@next/swc-linux-arm64-gnu@15.5.2: - resolution: {integrity: sha512-3j7SWDBS2Wov/L9q0mFJtEvQ5miIqfO4l7d2m9Mo06ddsgUK8gWfHGgbjdFlCp2Ek7MmMQZSxpGFqcC8zGh2AA==} + /@next/swc-linux-arm64-gnu@15.5.7: + resolution: {integrity: sha512-NCslw3GrNIw7OgmRBxHtdWFQYhexoUCq+0oS2ccjyYLtcn1SzGzeM54jpTFonIMUjNbHmpKpziXnpxhSWLcmBA==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] @@ -964,8 +964,8 @@ packages: dev: false optional: true - /@next/swc-linux-arm64-musl@15.5.2: - resolution: {integrity: sha512-s6N8k8dF9YGc5T01UPQ08yxsK6fUow5gG1/axWc1HVVBYQBgOjca4oUZF7s4p+kwhkB1bDSGR8QznWrFZ/Rt5g==} + /@next/swc-linux-arm64-musl@15.5.7: + resolution: {integrity: sha512-nfymt+SE5cvtTrG9u1wdoxBr9bVB7mtKTcj0ltRn6gkP/2Nu1zM5ei8rwP9qKQP0Y//umK+TtkKgNtfboBxRrw==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] @@ -973,8 +973,8 @@ packages: dev: false optional: true - /@next/swc-linux-x64-gnu@15.5.2: - resolution: {integrity: sha512-o1RV/KOODQh6dM6ZRJGZbc+MOAHww33Vbs5JC9Mp1gDk8cpEO+cYC/l7rweiEalkSm5/1WGa4zY7xrNwObN4+Q==} + /@next/swc-linux-x64-gnu@15.5.7: + resolution: {integrity: sha512-hvXcZvCaaEbCZcVzcY7E1uXN9xWZfFvkNHwbe/n4OkRhFWrs1J1QV+4U1BN06tXLdaS4DazEGXwgqnu/VMcmqw==} engines: {node: '>= 10'} cpu: [x64] os: [linux] @@ -982,8 +982,8 @@ packages: dev: false optional: true - /@next/swc-linux-x64-musl@15.5.2: - resolution: {integrity: sha512-/VUnh7w8RElYZ0IV83nUcP/J4KJ6LLYliiBIri3p3aW2giF+PAVgZb6mk8jbQSB3WlTai8gEmCAr7kptFa1H6g==} + /@next/swc-linux-x64-musl@15.5.7: + resolution: {integrity: sha512-4IUO539b8FmF0odY6/SqANJdgwn1xs1GkPO5doZugwZ3ETF6JUdckk7RGmsfSf7ws8Qb2YB5It33mvNL/0acqA==} engines: {node: '>= 10'} cpu: [x64] os: [linux] @@ -991,8 +991,8 @@ packages: dev: false optional: true - /@next/swc-win32-arm64-msvc@15.5.2: - resolution: {integrity: sha512-sMPyTvRcNKXseNQ/7qRfVRLa0VhR0esmQ29DD6pqvG71+JdVnESJaHPA8t7bc67KD5spP3+DOCNLhqlEI2ZgQg==} + /@next/swc-win32-arm64-msvc@15.5.7: + resolution: {integrity: sha512-CpJVTkYI3ZajQkC5vajM7/ApKJUOlm6uP4BknM3XKvJ7VXAvCqSjSLmM0LKdYzn6nBJVSjdclx8nYJSa3xlTgQ==} engines: {node: '>= 10'} cpu: [arm64] os: [win32] @@ -1000,8 +1000,8 @@ packages: dev: false optional: true - /@next/swc-win32-x64-msvc@15.5.2: - resolution: {integrity: sha512-W5VvyZHnxG/2ukhZF/9Ikdra5fdNftxI6ybeVKYvBPDtyx7x4jPPSNduUkfH5fo3zG0JQ0bPxgy41af2JX5D4Q==} + /@next/swc-win32-x64-msvc@15.5.7: + resolution: {integrity: sha512-gMzgBX164I6DN+9/PGA+9dQiwmTkE4TloBNx8Kv9UiGARsr9Nba7IpcBRA1iTV9vwlYnrE3Uy6I7Aj6qLjQuqw==} engines: {node: '>= 10'} cpu: [x64] os: [win32] @@ -2243,7 +2243,7 @@ packages: '@typescript-eslint/scope-manager': 5.62.0 '@typescript-eslint/types': 5.62.0 '@typescript-eslint/typescript-estree': 5.62.0(typescript@5.1.3) - debug: 4.3.4 + debug: 4.4.1 eslint: 9.34.0 typescript: 5.1.3 transitivePeerDependencies: @@ -2624,7 +2624,7 @@ packages: resolution: {integrity: sha512-xcLxITLe2HYa1cnYnwCjkOO1PqUHQpozB8x9AR0OgWN2woOBi5kSDVxKfd0b7sb1hw5qFeJhXm9H1nu3xSfLeQ==} engines: {node: '>=10'} dependencies: - tslib: 2.6.2 + tslib: 2.8.1 dev: false /aria-hidden@1.2.6: @@ -3670,7 +3670,7 @@ packages: eslint: '*' eslint-plugin-import: '*' dependencies: - debug: 4.3.4 + debug: 4.4.1 enhanced-resolve: 5.15.1 eslint: 9.34.0 eslint-module-utils: 2.12.1(@typescript-eslint/parser@5.62.0)(eslint-import-resolver-node@0.3.9)(eslint-import-resolver-typescript@3.6.1)(eslint@9.34.0) @@ -6372,12 +6372,6 @@ packages: hasBin: true dev: false - /nanoid@3.3.7: - resolution: {integrity: sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==} - engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1} - hasBin: true - dev: false - /natural-compare@1.4.0: resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==} dev: false @@ -6430,20 +6424,20 @@ packages: - unified dev: false - /next-themes@0.2.1(next@15.5.2)(react-dom@19.1.1)(react@19.1.1): + /next-themes@0.2.1(next@15.5.9)(react-dom@19.1.1)(react@19.1.1): resolution: {integrity: sha512-B+AKNfYNIzh0vqQQKqQItTS8evEouKD7H5Hj3kmuPERwddR2TxvDSFZuTj6T7Jfn1oyeUyJMydPl1Bkxkh0W7A==} peerDependencies: next: '*' react: '*' react-dom: '*' dependencies: - next: 15.5.2(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2) + next: 15.5.9(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2) react: 19.1.1 react-dom: 19.1.1(react@19.1.1) dev: false - /next@15.5.2(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2): - resolution: {integrity: sha512-H8Otr7abj1glFhbGnvUt3gz++0AF1+QoCXEBmd/6aKbfdFwrn0LpA836Ed5+00va/7HQSDD+mOoVhn3tNy3e/Q==} + /next@15.5.9(react-dom@19.1.1)(react@19.1.1)(sass@1.64.2): + resolution: {integrity: sha512-agNLK89seZEtC5zUHwtut0+tNrc0Xw4FT/Dg+B/VLEo9pAcS9rtTKpek3V6kVcVwsB2YlqMaHdfZL4eLEVYuCg==} engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0} hasBin: true peerDependencies: @@ -6463,7 +6457,7 @@ packages: sass: optional: true dependencies: - '@next/env': 15.5.2 + '@next/env': 15.5.9 '@swc/helpers': 0.5.15 caniuse-lite: 1.0.30001596 postcss: 8.4.31 @@ -6472,14 +6466,14 @@ packages: sass: 1.64.2 styled-jsx: 5.1.6(react@19.1.1) optionalDependencies: - '@next/swc-darwin-arm64': 15.5.2 - '@next/swc-darwin-x64': 15.5.2 - '@next/swc-linux-arm64-gnu': 15.5.2 - '@next/swc-linux-arm64-musl': 15.5.2 - '@next/swc-linux-x64-gnu': 15.5.2 - '@next/swc-linux-x64-musl': 15.5.2 - '@next/swc-win32-arm64-msvc': 15.5.2 - '@next/swc-win32-x64-msvc': 15.5.2 + '@next/swc-darwin-arm64': 15.5.7 + '@next/swc-darwin-x64': 15.5.7 + '@next/swc-linux-arm64-gnu': 15.5.7 + '@next/swc-linux-arm64-musl': 15.5.7 + '@next/swc-linux-x64-gnu': 15.5.7 + '@next/swc-linux-x64-musl': 15.5.7 + '@next/swc-win32-arm64-msvc': 15.5.7 + '@next/swc-win32-x64-msvc': 15.5.7 sharp: 0.34.3 transitivePeerDependencies: - '@babel/core' @@ -6877,9 +6871,9 @@ packages: resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} engines: {node: ^10 || ^12 || >=14} dependencies: - nanoid: 3.3.7 - picocolors: 1.0.0 - source-map-js: 1.0.2 + nanoid: 3.3.11 + picocolors: 1.1.1 + source-map-js: 1.2.1 dev: false /postcss@8.5.6: @@ -7048,7 +7042,7 @@ packages: react: 19.1.1 react-remove-scroll-bar: 2.3.5(@types/react@19.1.12)(react@19.1.1) react-style-singleton: 2.2.1(@types/react@19.1.12)(react@19.1.1) - tslib: 2.6.2 + tslib: 2.8.1 use-callback-ref: 1.3.1(@types/react@19.1.12)(react@19.1.1) use-sidecar: 1.1.2(@types/react@19.1.12)(react@19.1.1) dev: false @@ -8004,10 +7998,6 @@ packages: resolution: {integrity: sha512-4krF8scpejhaOgqzBEcGM7yDIEfi0/8+8zDRZhNZZ2kjmHJ4hv3zCbQWxoJGz1iw5U0Jl0nma13xzHXcncMavQ==} dev: false - /tslib@2.6.2: - resolution: {integrity: sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==} - dev: false - /tslib@2.8.1: resolution: {integrity: sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==} dev: false