neoris/meet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: neoris:lukas/exp-client
Branches Tags
neoris:main
neoris:renovate/major-eslint-monorepo
neoris:renovate/devdependencies-(non-major)
neoris:renovate/major-nextjs-monorepo
neoris:renovate/react-hot-toast-2.x-lockfile
neoris:renovate/npm-next-vulnerability
neoris:renovate/actions-setup-node-6.x
neoris:renovate/pnpm-10.x
neoris:renovate/livekit-dependencies-(non-major)
neoris:renovate/major-vitest-monorepo
neoris:lukas/storm-debug
neoris:lukas/breakout
neoris:vercel/react-server-components-cve-vu-ruirju
neoris:nikita/subtitles-agent
neoris:lukas/exp-client
neoris:sandbox-production
neoris:mk/separate-control-bar
neoris:translator
neoris:tobias/ptt
neoris:next-15
neoris:lukas/update-lk-deps
neoris:tf/template-graphic
neoris:lukas/update-lk
neoris:test-pages-deployment
neoris:update-to-connection-details
neoris:gitbutler/integration
neoris:lukas/debug-e2ee
neoris:lukas/update-lk-client
...
pull from: neoris:main
Branches Tags
neoris:renovate/major-eslint-monorepo
neoris:renovate/devdependencies-(non-major)
neoris:renovate/major-nextjs-monorepo
neoris:renovate/react-hot-toast-2.x-lockfile
neoris:renovate/npm-next-vulnerability
neoris:renovate/actions-setup-node-6.x
neoris:renovate/pnpm-10.x
neoris:renovate/livekit-dependencies-(non-major)
neoris:renovate/major-vitest-monorepo
neoris:main
neoris:lukas/storm-debug
neoris:lukas/breakout
neoris:vercel/react-server-components-cve-vu-ruirju
neoris:nikita/subtitles-agent
neoris:lukas/exp-client
neoris:sandbox-production
neoris:mk/separate-control-bar
neoris:translator
neoris:tobias/ptt
neoris:next-15
neoris:lukas/update-lk-deps
neoris:tf/template-graphic
neoris:lukas/update-lk
neoris:test-pages-deployment
neoris:update-to-connection-details
neoris:gitbutler/integration
neoris:lukas/debug-e2ee
neoris:lukas/update-lk-client

9 Commits
lukas/exp- ... main

Author SHA1 Message Date
lukasIO
12cee3ed06
Update livekit dependencies (#512) 2026-02-19 17:07:12 +01:00
renovate[bot]
2220072d47
chore(deps): update dependency node to v24 (#491) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-19 16:56:32 +01:00
renovate[bot]
392ca136de
fix(deps): update dependency @livekit/krisp-noise-filter to v0.4.1 (#505) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-19 16:54:36 +01:00
renovate[bot]
3a75f3222f
fix(deps): update livekit dependencies (non-major) (#499) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-10 16:24:35 +01:00
vercel[bot]
f80673aba8
Fix React Server Components CVE vulnerabilities (#503) 
Updated dependencies to fix Next.js and React CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel  
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
 2025-12-26 11:35:52 +01:00
vercel[bot]
690dc1011a
Update Next.js/React Flight RCE vulnerability patches (#501) 
## React Flight / Next.js RCE Advisory - Security Update

### Summary
Updated the project to address the React Flight / Next.js RCE advisory (CVE-2024-50383) by upgrading Next.js to the patched version.

### Vulnerability Assessment
 **Project is affected by the advisory:**
- Uses **Next.js 15.2.x** (vulnerable version range)
- Does NOT use React Flight packages (react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack)
- Uses React 18.3.1 (not vulnerable React 19.x versions)

### Changes Made

#### Modified Files:
1. **package.json**
   - Upgraded `next` from `15.2.4` to `15.2.6` (patched version for 15.2.x)
   - No React or React DOM changes required (Next.js manages its own patched React versions)

2. **pnpm-lock.yaml**
   - Updated lockfile to reflect `next@15.2.6` installation
   - All dependencies resolved correctly with patched versions

### Implementation Details
- This project is a Next.js 15 application without React Server Components/Flight
- The RCE vulnerability in Next.js 15.2.x is addressed by upgrading to 15.2.6
- No React Flight packages required updating since they are not used
- React versions (18.3.1) are not affected by this vulnerability

### Build Status
⚠️ **Note on Pre-existing Issue:**
The build fails due to corrupted image files in `public/background-images/` (pre-existing issue):
- `ali-kazal-tbw_KQE3Cbg-unsplash.jpg` (130 bytes - should be larger)
- `samantha-gades-BlIhVfXbi9s-unsplash.jpg` (132 bytes - should be larger)

This image corruption issue exists in the original codebase and is unrelated to the security update. The Next.js upgrade to 15.2.6 itself is successful and the patched version is correctly installed.

### Testing
- Verified dependency installation with `pnpm install`
- Confirmed lockfile contains `next@15.2.6`
- Confirmed no React Flight packages are used
- Pre-existing image corruption prevents full build, but dependency upgrade is verified

### Security Impact
 **Successfully patched against CVE-2024-50383**
- Next.js upgraded to 15.2.6 (patched version for 15.2.x)
- No vulnerable React Flight packages in use
- React versions remain compatible and secure

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
 2025-12-08 12:50:11 +01:00
renovate[bot]
6de1bc8cc6
fix(deps): update dependency livekit-server-sdk to v2.14.2 (#495) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-04 09:33:18 +00:00
renovate[bot]
563925f757
chore(deps): update actions/checkout action to v6 (#497) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-03 22:31:46 -08:00
renovate[bot]
0b62ed930e
chore(deps): update devdependencies (non-major) (#480) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-11-29 20:58:17 -08:00
3 changed files with 685 additions and 663 deletions
Show Stats Expand all files Collapse all files

4
.github/workflows/test.yaml vendored
View File

@ -11,12 +11,12 @@ jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- uses: pnpm/action-setup@v4
- name: Use Node.js 22
uses: actions/setup-node@v4
with:
node-version: 22
node-version: 24
cache: 'pnpm'
- name: Install dependencies

24
package.json
View File

@ -14,27 +14,27 @@
},
"dependencies": {
"@datadog/browser-logs": "^5.23.3",
"@livekit/components-react": "2.9.16",
"@livekit/components-react": "2.9.19",
"@livekit/components-styles": "1.2.0",
"@livekit/krisp-noise-filter": "0.3.4",
"@livekit/track-processors": "^0.6.0",
"livekit-client": "2.16.0",
"livekit-server-sdk": "2.14.1",
"next": "15.2.4",
"@livekit/krisp-noise-filter": "0.4.1",
"@livekit/track-processors": "^0.7.0",
"livekit-client": "2.17.2",
"livekit-server-sdk": "2.15.0",
"next": "15.2.8",
"react": "18.3.1",
"react-dom": "18.3.1",
"react-hot-toast": "^2.5.2",
"tinykeys": "^3.0.0"
},
"devDependencies": {
"@types/node": "22.17.2",
"@types/react": "18.3.23",
"@types/node": "24.10.13",
"@types/react": "18.3.27",
"@types/react-dom": "18.3.7",
"eslint": "9.33.0",
"eslint-config-next": "15.4.6",
"prettier": "3.6.2",
"eslint": "9.39.1",
"eslint-config-next": "15.5.6",
"prettier": "3.7.3",
"source-map-loader": "^5.0.0",
"typescript": "5.9.2",
"typescript": "5.9.3",
"vitest": "^3.2.4"
},
"engines": {

1320
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff