From f14dfb9c32d607acf955cb1193766d009198befb Mon Sep 17 00:00:00 2001 From: Cursor Agent Date: Thu, 15 Jan 2026 09:32:37 +0000 Subject: [PATCH] Bump React to 19.x stable (CVE-2025-55182) Co-authored-by: arhan.busam --- package-lock.json | 26 +++++++++++----------- package.json | 4 ++-- src/app/githubApi.ts | 52 +++++++++++++++++++++++++++++--------------- 3 files changed, 49 insertions(+), 33 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3991f86..4c3cc93 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,8 +11,8 @@ "jose": "^5.9.6", "next": "15.0.7", "octokit": "^4.0.2", - "react": "19.0.0-rc-66855b96-20241106", - "react-dom": "19.0.0-rc-66855b96-20241106" + "react": "^19.0.1", + "react-dom": "^19.0.1" }, "devDependencies": { "@types/node": "^20", @@ -4872,24 +4872,24 @@ "license": "MIT" }, "node_modules/react": { - "version": "19.0.0-rc-66855b96-20241106", - "resolved": "https://registry.npmjs.org/react/-/react-19.0.0-rc-66855b96-20241106.tgz", - "integrity": "sha512-klH7xkT71SxRCx4hb1hly5FJB21Hz0ACyxbXYAECEqssUjtJeFUAaI2U1DgJAzkGEnvEm3DkxuBchMC/9K4ipg==", + "version": "19.2.3", + "resolved": "https://registry.npmjs.org/react/-/react-19.2.3.tgz", + "integrity": "sha512-Ku/hhYbVjOQnXDZFv2+RibmLFGwFdeeKHFcOTlrt7xplBnya5OGn/hIRDsqDiSUcfORsDC7MPxwork8jBwsIWA==", "license": "MIT", "engines": { "node": ">=0.10.0" } }, "node_modules/react-dom": { - "version": "19.0.0-rc-66855b96-20241106", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.0.0-rc-66855b96-20241106.tgz", - "integrity": "sha512-D25vdaytZ1wFIRiwNU98NPQ/upS2P8Co4/oNoa02PzHbh8deWdepjm5qwZM/46OdSiGv4WSWwxP55RO9obqJEQ==", + "version": "19.2.3", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.3.tgz", + "integrity": "sha512-yELu4WmLPw5Mr/lmeEpox5rw3RETacE++JgHqQzd2dg+YbJuat3jH4ingc+WPZhxaoFzdv9y33G+F7Nl5O0GBg==", "license": "MIT", "dependencies": { - "scheduler": "0.25.0-rc-66855b96-20241106" + "scheduler": "^0.27.0" }, "peerDependencies": { - "react": "19.0.0-rc-66855b96-20241106" + "react": "^19.2.3" } }, "node_modules/react-is": { @@ -5091,9 +5091,9 @@ } }, "node_modules/scheduler": { - "version": "0.25.0-rc-66855b96-20241106", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.25.0-rc-66855b96-20241106.tgz", - "integrity": "sha512-HQXp/Mnp/MMRSXMQF7urNFla+gmtXW/Gr1KliuR0iboTit4KvZRY8KYaq5ccCTAOJiUqQh2rE2F3wgUekmgdlA==", + "version": "0.27.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.27.0.tgz", + "integrity": "sha512-eNv+WrVbKu1f3vbYJT/xtiF5syA5HPIMtf9IgY/nKg0sWqzAUEvqY/xm7OcZc/qafLx/iO9FgOmeSAp4v5ti/Q==", "license": "MIT" }, "node_modules/semver": { diff --git a/package.json b/package.json index 194abd1..331c0cb 100644 --- a/package.json +++ b/package.json @@ -12,8 +12,8 @@ "jose": "^5.9.6", "next": "15.0.7", "octokit": "^4.0.2", - "react": "19.0.0-rc-66855b96-20241106", - "react-dom": "19.0.0-rc-66855b96-20241106" + "react": "^19.0.1", + "react-dom": "^19.0.1" }, "devDependencies": { "@types/node": "^20", diff --git a/src/app/githubApi.ts b/src/app/githubApi.ts index 5bb77fa..f595426 100644 --- a/src/app/githubApi.ts +++ b/src/app/githubApi.ts @@ -4,19 +4,35 @@ import { Octokit } from "octokit"; import { Repo } from "@/types/repo"; import { createAppAuth } from "@octokit/auth-app"; -const octokit = new Octokit({ - authStrategy: createAppAuth, - auth: { - appId: process.env.GITHUB_APP_ID, - privateKey: process.env.GITHUB_PRIVATE_KEY, - clientId: process.env.GITHUB_CLIENT_ID, - clientSecret: process.env.GITHUB_CLIENT_SECRET, - installationId: process.env.GITHUB_INSTALLATION_ID, - }, -}); +function getRequiredEnv(name: string) { + const value = process.env[name]; + if (!value) { + throw new Error(`Missing required environment variable: ${name}`); + } + return value; +} + +let octokit: Octokit | null = null; +function getOctokit() { + if (octokit) return octokit; + + // Ensure we don't throw during module evaluation (e.g. at build time). + octokit = new Octokit({ + authStrategy: createAppAuth, + auth: { + appId: Number(getRequiredEnv("GITHUB_APP_ID")), + privateKey: getRequiredEnv("GITHUB_PRIVATE_KEY").replace(/\\n/g, "\n"), + clientId: getRequiredEnv("GITHUB_CLIENT_ID"), + clientSecret: getRequiredEnv("GITHUB_CLIENT_SECRET"), + installationId: Number(getRequiredEnv("GITHUB_INSTALLATION_ID")), + }, + }); + + return octokit; +} export async function getUser(username: string) { - const request = octokit.request("GET /users/{username}", { + const request = getOctokit().request("GET /users/{username}", { username: username, headers: { "X-GitHub-Api-Version": "2022-11-28", @@ -28,7 +44,7 @@ export async function getUser(username: string) { } export async function getRepos(username: string) { - const request = octokit.request("GET /users/{username}/repos", { + const request = getOctokit().request("GET /users/{username}/repos", { username: username, headers: { "X-GitHub-Api-Version": "2022-11-28", @@ -62,7 +78,7 @@ export async function getCommits(username: string) { const currentYear = new Date().getFullYear(); const startDate = `${currentYear}-01-01`; const endDate = `${currentYear}-12-31`; - const request = octokit.request( + const request = getOctokit().request( "GET /search/commits?q=author:{username}+committer-date:{startDate}..{endDate}", { username: username, @@ -87,7 +103,7 @@ export async function getCommitsLastYear(username: string) { const currentYear = new Date().getFullYear(); const startDate = `${currentYear - 1}-01-01`; const endDate = `${currentYear - 1}-12-31`; - const request = octokit.request( + const request = getOctokit().request( "GET /search/commits?q=author:{username}+committer-date:{startDate}..{endDate}", { username: username, @@ -112,7 +128,7 @@ export async function getPullRequestsMerged(username: string) { const currentYear = new Date().getFullYear(); const startDate = `${currentYear}-01-01`; const endDate = `${currentYear}-12-31`; - const request = octokit.request( + const request = getOctokit().request( "GET /search/issues?q=type:{pr}+author:{username}+is:{merged}+merged:{startDate}..{endDate}", { username: username, @@ -138,7 +154,7 @@ export async function getPullRequestsMergedLastYear(username: string) { const currentYear = new Date().getFullYear(); const startDate = `${currentYear - 1}-01-01`; const endDate = `${currentYear - 1}-12-31`; - const request = octokit.request( + const request = getOctokit().request( "GET /search/issues?q=type:{pr}+author:{username}+is:{merged}+merged:{startDate}..{endDate}", { username: username, @@ -165,7 +181,7 @@ export async function getIssuesOpened(username: string) { const currentYear = new Date().getFullYear(); const startDate = `${currentYear}-01-01`; const endDate = `${currentYear}-12-31`; - const request = octokit.request( + const request = getOctokit().request( "GET /search/issues?q=author:{username}+is:{issue}+created:{startDate}..{endDate}", { username: username, @@ -191,7 +207,7 @@ export async function getIssuesOpenedLastYear(username: string) { const currentYear = new Date().getFullYear(); const startDate = `${currentYear - 1}-01-01`; const endDate = `${currentYear - 1}-12-31`; - const request = octokit.request( + const request = getOctokit().request( "GET /search/issues?q=author:{username}+is:{issue}+created:{startDate}..{endDate}", { username: username,