Skip to content

Fix React Server Components CVE vulnerabilities #662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kenjonespizza merged 2 commits into from
Dec 12, 2025
Merged

Fix React Server Components CVE vulnerabilities #662

kenjonespizza merged 2 commits into from
Dec 12, 2025

Conversation

@malewis5
Copy link
Contributor

@malewis5 malewis5 commented Dec 12, 2025

This PR upgrades dependencies to patch a security vulnerability.

Action required

Please review the changes and run a quick test. If everything looks correct, you can merge this PR. If you prefer to upgrade manually, feel free to close this and apply your own fix.

Thank you.

@malewis5
fix: Fix React Server Components CVE vulnerabilities
484f487 
Updated dependencies to fix Next.js and React CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.
@vercel
Copy link

vercel bot commented Dec 12, 2025

@malewis5 is attempting to deploy a commit to the Sanity Sandbox Team on Vercel.

A member of the Team first needs to authorize it.

@socket-security
Copy link

socket-security bot commented Dec 12, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​next@​15.5.8 ⏵ 15.5.983 +110091 +19870

View full report

@kenjonespizza
Copy link
Contributor

kenjonespizza commented Dec 12, 2025

Hi @malewis5 👋 Thanks! Im happy for you to set me as a review when this is ready 😄 . Thanks you!

@malewis5
Copy link
Contributor Author

malewis5 commented Dec 12, 2025

Hi @kenjonespizza! This was left as a draft so your team can decide whether or not to continue. This was an automated effort so we left them all as drafts.

@kenjonespizza
Copy link
Contributor

kenjonespizza commented Dec 12, 2025

Perfy Murphy! Thank you!

@kenjonespizza kenjonespizza marked this pull request as ready for review December 12, 2025 16:49
@kenjonespizza kenjonespizza requested a review from a team as a code owner December 12, 2025 16:49
@vercel
Copy link

vercel bot commented Dec 12, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
nextjs-blog-cms-sanity-v3 Ready Ready Preview Comment Dec 12, 2025 4:51pm

kenjonespizza
kenjonespizza approved these changes Dec 12, 2025
View reviewed changes
Copy link
Contributor

@kenjonespizza kenjonespizza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!!

@kenjonespizza kenjonespizza merged commit a9b2be1 into sanity-io:main Dec 12, 2025
5 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 13, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@kenjonespizza kenjonespizza kenjonespizza approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@malewis5 @kenjonespizza