Skip to content

Update React and Next dependencies for CVE-2025-55182 #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
robbie-c merged 1 commit into from
Dec 4, 2025
Merged

Update React and Next dependencies for CVE-2025-55182 #39

robbie-c merged 1 commit into from
Dec 4, 2025

Conversation

@robbie-c
Copy link
Member

@robbie-c robbie-c commented Dec 4, 2025

Update dependencies to fix critical RCE vulnerability in React Server Components:

  • next-app-router: Next.js 15.5.2 -> 15.5.7, React 19.1.0 -> 19.1.2
  • next-pages-router: Next.js 15.5.5 -> 15.5.7, React 19.1.0 -> 19.1.2
  • react-react-router: React ^19.1.1 -> ^19.1.2
  • react-tanstack-router: React ^19.2.0 -> ^19.2.1
  • tanstack-start: React ^19.2.0 -> ^19.2.1

Also fixes ESLint errors for unescaped apostrophes in profile pages.

@claude
Fix CVE-2025-55182: Update React and Next.js to patched versions
83fbf47 
Update dependencies to fix critical RCE vulnerability in React Server Components:

- next-app-router: Next.js 15.5.2 -> 15.5.7, React 19.1.0 -> 19.1.2
- next-pages-router: Next.js 15.5.5 -> 15.5.7, React 19.1.0 -> 19.1.2
- react-react-router: React ^19.1.1 -> ^19.1.2
- react-tanstack-router: React ^19.2.0 -> ^19.2.1
- tanstack-start: React ^19.2.0 -> ^19.2.1

Also fixes ESLint errors for unescaped apostrophes in profile pages.
@wiz-7ad640923b
Copy link

wiz-7ad640923b bot commented Dec 4, 2025

Wiz Scan Summary

Scanner Findings
Vulnerability Finding Vulnerabilities 2 Medium
Data Finding Sensitive Data -
Secret Finding Secrets -
IaC Misconfiguration IaC Misconfigurations -
SAST Finding SAST Findings -
Total 2 Medium

View scan details in Wiz

To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension.

@robbie-c robbie-c requested review from daniloc, edwinyjlim and gewenyu99 and removed request for edwinyjlim December 4, 2025 10:43
@robbie-c robbie-c merged commit a3dd7b2 into main Dec 4, 2025
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gewenyu99 gewenyu99 Awaiting requested review from gewenyu99

@edwinyjlim edwinyjlim Awaiting requested review from edwinyjlim

@daniloc daniloc Awaiting requested review from daniloc

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@robbie-c @claude