From edfdc68c7ea40d2fc621db97ecbccacfc7bab990 Mon Sep 17 00:00:00 2001 From: Vercel Date: Tue, 24 Feb 2026 10:43:03 +0000 Subject: [PATCH] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 08c7def..25ebf25 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "antlr4ts": "^0.5.0-alpha.4", "framer-motion": "^12.6.3", "glslify-loader": "^2.0.0", - "next": "15.2.4", + "next": "15.2.8", "raw-loader": "^4.0.2", "react": "^19.0.0", "react-dom": "^19.0.0",