From ce2f0747d85dd5d98beaca4451c029b1fe4027a6 Mon Sep 17 00:00:00 2001 From: Vercel Date: Wed, 14 Jan 2026 10:34:29 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel
---
 package.json | 2 +- pnpm-lock.yaml | 101 +++++++++++++++++++++++++------------------------ 2 files changed, 52 insertions(+), 51 deletions(-)
diff --git a/package.json b/package.json
index 1feb166..8a72a23 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
 "@tailwindcss/line-clamp": "^0.4.4",
 "@vercel/analytics": "^1.4.1",
 "lucide-react": "^0.454.0",
- "next": "15.0.1",
+ "next": "15.0.7",
 "next-i18next": "^15.3.1",
 "react": "^18.3.1",
 "react-dom": "^18.3.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index c6524aa..561d2f7 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -28,16 +28,16 @@ importers: version: 0.4.4(tailwindcss@3.4.14(ts-node@10.9.2(@types/node@20.17.0)(typescript@5.6.3))) '@vercel/analytics': specifier: ^1.4.1 - version: 1.4.1(next@15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1) + version: 1.4.1(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1) lucide-react: specifier: ^0.454.0 version: 0.454.0(react@18.3.1) next: - specifier: 15.0.1 - version: 15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + specifier: 15.0.7 + version: 15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) next-i18next: specifier: ^15.3.1 - version: 15.3.1(i18next@23.16.4)(next@15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-i18next@15.1.0(i18next@23.16.4)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1) + version: 15.3.1(i18next@23.16.4)(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-i18next@15.1.0(i18next@23.16.4)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1) react: specifier: ^18.3.1 version: 18.3.1 @@ -134,6 +134,7 @@ packages: '@fortawesome/react-fontawesome@0.2.2': resolution: {integrity: sha512-EnkrprPNqI6SXJl//m29hpaNzOp1bruISWaOiRtkMi/xSvHJlzc2j2JAYS7egxt/EbjSNV/k6Xy0AQI6vB2+1g==} + deprecated: v0.2.x is no longer supported. Unless you are still using FontAwesome 5, please update to v3.1.1 or greater. peerDependencies: '@fortawesome/fontawesome-svg-core': ~1 || ~6 react: '>=16.3' 
@@ -281,56 +282,56 @@ packages: '@jridgewell/trace-mapping@0.3.9': resolution: {integrity: sha512-3Belt6tdc8bPgAtbcmdtNJlirVoTmEb5e2gC94PnkwEW9jI6CAHUeoG85tjWP5WquqfavoMtMwiG4P926ZKKuQ==} - '@next/env@15.0.1': - resolution: {integrity: sha512-lc4HeDUKO9gxxlM5G2knTRifqhsY6yYpwuHspBZdboZe0Gp+rZHBNNSIjmQKDJIdRXiXGyVnSD6gafrbQPvILQ==} + '@next/env@15.0.7': + resolution: {integrity: sha512-g/v9G2Xmv9T6w/DcRdcdVkLuAHnGt5fcJ3C33PmPrrdtUrwrjXcT4jXasdedSbw+koXa4YeEA3nPgy6q2wmk2A==} '@next/eslint-plugin-next@15.0.1': resolution: {integrity: sha512-bKWsMaGPbiFAaGqrDJvbE8b4Z0uKicGVcgOI77YM2ui3UfjHMr4emFPrZTLeZVchi7fT1mooG2LxREfUUClIKw==} - '@next/swc-darwin-arm64@15.0.1': - resolution: {integrity: sha512-C9k/Xv4sxkQRTA37Z6MzNq3Yb1BJMmSqjmwowoWEpbXTkAdfOwnoKOpAb71ItSzoA26yUTIo6ZhN8rKGu4ExQw==} + '@next/swc-darwin-arm64@15.0.5': + resolution: {integrity: sha512-BrNm/9BZoV6QEFKFZdgZRyYwhdhxV8GhW+U4D5cdkT4Wefj7YflAUZNx2FWyBPp7utBPCgJXnVbVLhlDoIfKFg==} engines: {node: '>= 10'} cpu: [arm64] os: [darwin] - '@next/swc-darwin-x64@15.0.1': - resolution: {integrity: sha512-uHl13HXOuq1G7ovWFxCACDJHTSDVbn/sbLv8V1p+7KIvTrYQ5HNoSmKBdYeEKRRCbEmd+OohOgg9YOp8Ux3MBg==} + '@next/swc-darwin-x64@15.0.5': + resolution: {integrity: sha512-SkpRdqyJLhmU6Ip0dHrZ5mLMQgTU0MlTASRwqCj6NXQJ04eS4QzBgEUUOPX+tsUOQ+KSVMgX/iQaWgQHNMyyCQ==} engines: {node: '>= 10'} cpu: [x64] os: [darwin] - '@next/swc-linux-arm64-gnu@15.0.1': - resolution: {integrity: sha512-LvyhvxHOihFTEIbb35KxOc3q8w8G4xAAAH/AQnsYDEnOvwawjL2eawsB59AX02ki6LJdgDaHoTEnC54Gw+82xw==} + '@next/swc-linux-arm64-gnu@15.0.5': + resolution: {integrity: sha512-nk+6BAIkIHTeQg+U1uqGpZ8K1KSAbhq80EkSgpgPC6wBmRkEeBitn4yL9C0fUiEPeZ3zN4yrvI635GG/H2QmSQ==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] - '@next/swc-linux-arm64-musl@15.0.1': - resolution: {integrity: sha512-vFmCGUFNyk/A5/BYcQNhAQqPIw01RJaK6dRO+ZEhz0DncoW+hJW1kZ8aH2UvTX27zPq3m85zN5waMSbZEmANcQ==} + '@next/swc-linux-arm64-musl@15.0.5': + resolution: {integrity: 
sha512-CozywhydLroNNz1AMKdKKVBuRc0UIBG7TlVgXXn51MdZo4sMbfApOlQFUyuAbKJbe67vd39Yib2lVVVDfLTtfw==} engines: {node: '>= 10'} cpu: [arm64] os: [linux] - '@next/swc-linux-x64-gnu@15.0.1': - resolution: {integrity: sha512-5by7IYq0NCF8rouz6Qg9T97jYU68kaClHPfGpQG2lCZpSYHtSPQF1kjnqBTd34RIqPKMbCa4DqCufirgr8HM5w==} + '@next/swc-linux-x64-gnu@15.0.5': + resolution: {integrity: sha512-VWfvl8toyC/5Rn1GgKfiASYgssCsxz4GtwK2cFKmmnyGfoKubFc6DfCI5MzBoe2Q2gzd2CeZDoT1BhuutSiL7A==} engines: {node: '>= 10'} cpu: [x64] os: [linux] - '@next/swc-linux-x64-musl@15.0.1': - resolution: {integrity: sha512-lmYr6H3JyDNBJLzklGXLfbehU3ay78a+b6UmBGlHls4xhDXBNZfgb0aI67sflrX+cGBnv1LgmWzFlYrAYxS1Qw==} + '@next/swc-linux-x64-musl@15.0.5': + resolution: {integrity: sha512-xCD/V4Z55eFtG2SNyXgG3ciIikcxNe4FgmgcW4xTaEcLY59ZJVLxx4PLve2vDgp7xqvwDD4vvUsJuFMuQ12oGg==} engines: {node: '>= 10'} cpu: [x64] os: [linux] - '@next/swc-win32-arm64-msvc@15.0.1': - resolution: {integrity: sha512-DS8wQtl6diAj0eZTdH0sefykm4iXMbHT4MOvLwqZiIkeezKpkgPFcEdFlz3vKvXa2R/2UEgMh48z1nEpNhjeOQ==} + '@next/swc-win32-arm64-msvc@15.0.5': + resolution: {integrity: sha512-OmKXP/mUzY+AiDFk9PR3RoM6YfgzNYhtSbfvTUDk3PxoCLKnwTZ8xsFoWX2ph/RFC25QucTeAFepouGGsdBPAg==} engines: {node: '>= 10'} cpu: [arm64] os: [win32] - '@next/swc-win32-x64-msvc@15.0.1': - resolution: {integrity: sha512-4Ho2ggvDdMKlZ/0e9HNdZ9ngeaBwtc+2VS5oCeqrbXqOgutX6I4U2X/42VBw0o+M5evn4/7v3zKgGHo+9v/VjA==} + '@next/swc-win32-x64-msvc@15.0.5': + resolution: {integrity: sha512-O34P9asvZtdNQ+4sEczSLruYvM7XEQKY/FCwRAeQQnrWW3tol3VEuv2GtnFb1YHsP3lZtagd11UYJqrs0Y0r2A==} engines: {node: '>= 10'} cpu: [x64] os: [win32] 
@@ -1337,16 +1338,16 @@ packages: react: '>= 17.0.2' react-i18next: '>= 13.5.0' - next@15.0.1: - resolution: {integrity: sha512-PSkFkr/w7UnFWm+EP8y/QpHrJXMqpZzAXpergB/EqLPOh4SGPJXv1wj4mslr2hUZBAS9pX7/9YLIdxTv6fwytw==} - engines: {node: '>=18.18.0'} + next@15.0.7: + resolution: {integrity: sha512-Vl6fLEuOP1MgtEmDrY51BQr6Bl8oC8vDSHdA10xZWPPZa6e+dOwYNDLWHjvTktNLZkKYySpsW3Yzy4Lo+JORkw==} + engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0} hasBin: true peerDependencies: '@opentelemetry/api': ^1.1.0 '@playwright/test': ^1.41.2 babel-plugin-react-compiler: '*' - react: ^18.2.0 || 19.0.0-rc-69d4b800-20241021 - react-dom: ^18.2.0 || 19.0.0-rc-69d4b800-20241021 + react: ^18.2.0 || 19.0.0-rc-66855b96-20241106 || ^19.0.0 + react-dom: ^18.2.0 || 19.0.0-rc-66855b96-20241106 || ^19.0.0 sass: ^1.3.0 peerDependenciesMeta: '@opentelemetry/api': @@ -2079,34 +2080,34 @@ snapshots: '@jridgewell/resolve-uri': 3.1.2 '@jridgewell/sourcemap-codec': 1.5.0 - '@next/env@15.0.1': {} + '@next/env@15.0.7': {} '@next/eslint-plugin-next@15.0.1': dependencies: fast-glob: 3.3.1 - '@next/swc-darwin-arm64@15.0.1': + '@next/swc-darwin-arm64@15.0.5': optional: true - '@next/swc-darwin-x64@15.0.1': + '@next/swc-darwin-x64@15.0.5': optional: true - '@next/swc-linux-arm64-gnu@15.0.1': + '@next/swc-linux-arm64-gnu@15.0.5': optional: true - '@next/swc-linux-arm64-musl@15.0.1': + '@next/swc-linux-arm64-musl@15.0.5': optional: true - '@next/swc-linux-x64-gnu@15.0.1': + '@next/swc-linux-x64-gnu@15.0.5': optional: true - '@next/swc-linux-x64-musl@15.0.1': + '@next/swc-linux-x64-musl@15.0.5': optional: true - '@next/swc-win32-arm64-msvc@15.0.1': + '@next/swc-win32-arm64-msvc@15.0.5': optional: true - '@next/swc-win32-x64-msvc@15.0.1': + '@next/swc-win32-x64-msvc@15.0.5': optional: true '@nodelib/fs.scandir@2.1.5': 
@@ -2276,9 +2277,9 @@ snapshots: '@ungap/structured-clone@1.2.0': {} - '@vercel/analytics@1.4.1(next@15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)': + '@vercel/analytics@1.4.1(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1)': optionalDependencies: - next: 15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + next: 15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) react: 18.3.1 acorn-jsx@5.3.2(acorn@8.13.0): @@ -3262,7 +3263,7 @@ snapshots: natural-compare@1.4.0: {} - next-i18next@15.3.1(i18next@23.16.4)(next@15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-i18next@15.1.0(i18next@23.16.4)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1): + next-i18next@15.3.1(i18next@23.16.4)(next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react-i18next@15.1.0(i18next@23.16.4)(react-dom@18.3.1(react@18.3.1))(react@18.3.1))(react@18.3.1): dependencies: '@babel/runtime': 7.26.0 '@types/hoist-non-react-statics': 3.3.5 @@ -3270,13 +3271,13 @@ snapshots: hoist-non-react-statics: 3.3.2 i18next: 23.16.4 i18next-fs-backend: 2.3.2 - next: 15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + next: 15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1) react: 18.3.1 react-i18next: 15.1.0(i18next@23.16.4)(react-dom@18.3.1(react@18.3.1))(react@18.3.1) - next@15.0.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1): + next@15.0.7(react-dom@18.3.1(react@18.3.1))(react@18.3.1): dependencies: - '@next/env': 15.0.1 + '@next/env': 15.0.7 '@swc/counter': 0.1.3 '@swc/helpers': 0.5.13 busboy: 1.6.0 
@@ -3286,14 +3287,14 @@ snapshots: react-dom: 18.3.1(react@18.3.1) styled-jsx: 5.1.6(react@18.3.1) optionalDependencies: - '@next/swc-darwin-arm64': 15.0.1 - '@next/swc-darwin-x64': 15.0.1 - '@next/swc-linux-arm64-gnu': 15.0.1 - '@next/swc-linux-arm64-musl': 15.0.1 - '@next/swc-linux-x64-gnu': 15.0.1 - '@next/swc-linux-x64-musl': 15.0.1 - '@next/swc-win32-arm64-msvc': 15.0.1 - '@next/swc-win32-x64-msvc': 15.0.1 + '@next/swc-darwin-arm64': 15.0.5 + '@next/swc-darwin-x64': 15.0.5 + '@next/swc-linux-arm64-gnu': 15.0.5 + '@next/swc-linux-arm64-musl': 15.0.5 + '@next/swc-linux-x64-gnu': 15.0.5 + '@next/swc-linux-x64-musl': 15.0.5 + '@next/swc-win32-arm64-msvc': 15.0.5 + '@next/swc-win32-x64-msvc': 15.0.5 sharp: 0.33.5 transitivePeerDependencies: - '@babel/core'