mirror of
https://github.com/learnhouse/docs.git
synced 2026-02-18 00:07:39 +01:00
6336099f52
React Flight / Next.js RCE Advisory - Patch Applied SUMMARY: This project was affected by the React Flight / Next.js RCE advisory and has been successfully patched. VULNERABILITY DETAILS: - The project used Next.js 15.5.6 (vulnerable version in the 15.5.x line) - Requirement: Upgrade to 15.5.7 (patched version) - React Flight packages: Not used (not affected) - React/React-DOM: Using 18.3.1 (not vulnerable 19.x versions) CHANGES APPLIED: 1. Updated Next.js from ^15.5.6 to 15.5.7 - File: package.json - Changed: "next": "^15.5.6" → "next": "15.5.7" - Reason: Fixed vulnerable caret dependency to pinned patched version 2. Updated lockfiles - pnpm-lock.yaml: Updated to reflect next@15.5.7 - package-lock.json: Updated to reflect next@15.5.7 VERIFICATION: ✓ Next.js version: 15.5.7 (patched) ✓ React version: 18.3.1 (not vulnerable) ✓ React-DOM version: 18.3.1 (not vulnerable) ✓ No React Flight packages present ✓ Lockfiles correctly resolve to patched version SECURITY STATUS: RESOLVED The project now uses the patched version of Next.js 15.5.7 and is no longer vulnerable to the React Flight / Next.js RCE advisory. Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>