From c4f8a872687b5685b9a57947948026e0a75ec587 Mon Sep 17 00:00:00 2001 From: Vercel Date: Thu, 26 Mar 2026 19:00:24 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 90ee585..9f828c7 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "jwt-decode": "^4.0.0", "lottie-react": "^2.4.1", "lucide-react": "^0.462.0", - "next": "15.5.7", + "next": "15.5.9", "react": "19.1.2", "react-day-picker": "8.10.1", "react-dom": "19.1.2",