From 6ded88b99865d368388498e0ed71c3182f5e7c84 Mon Sep 17 00:00:00 2001 From: Vercel Date: Mon, 19 Jan 2026 15:10:20 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 472344b..516767e 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "caniuse-lite": "^1.0.30001749", "gray-matter": "^4.0.3", "lottie-react": "^2.4.1", - "next": "^14.2.5", + "next": "14.2.35", "next-mdx-remote": "^5.0.0", "next-sitemap": "^4.0.5", "prettier": "^2.8.1",