From c2867b680d05d71ac9fd25d8185fa4e8b6507341 Mon Sep 17 00:00:00 2001 From: Vercel Date: Fri, 12 Dec 2025 18:43:37 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c0d58de..8dfd3e1 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,7 @@ "embla-carousel-react": "^8.6.0", "jstz": "^2.1.1", "jszip": "^3.10.1", - "next": "^15.3.5", + "next": "15.3.8", "pako": "^2.1.0", "react": "18.2.0", "react-dom": "18.2.0",