Fix React Server Components CVE vulnerabilities

Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
2025-12-12 17:42:43 +00:00
2 changed files with 10 additions and 10 deletions
--- a/package.json
+++ b/package.json
@ -20,7 +20,7 @@
    "@livekit/track-processors": "^0.6.0",
    "livekit-client": "2.16.0",
    "livekit-server-sdk": "2.14.2",
-    "next": "15.2.6",
+    "next": "15.2.8",
    "react": "18.3.1",
    "react-dom": "18.3.1",
    "react-hot-toast": "^2.5.2",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -30,8 +30,8 @@ importers:
        specifier: 2.14.2
        version: 2.14.2
      next:
-        specifier: 15.2.6
+        specifier: 15.2.8
-        version: 15.2.6(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
+        version: 15.2.8(react-dom@18.3.1(react@18.3.1))(react@18.3.1)
      react:
        specifier: 18.3.1
        version: 18.3.1
@ -483,8 +483,8 @@ packages:
  '@mediapipe/tasks-vision@0.10.14':
    resolution: {integrity: sha512-vOifgZhkndgybdvoRITzRkIueWWSiCKuEUXXK6Q4FaJsFvRJuwgg++vqFUMlL0Uox62U5aEXFhHxlhV7Ja5e3Q==}
-  '@next/env@15.2.6':
+  '@next/env@15.2.8':
-    resolution: {integrity: sha512-kp1Mpm4K1IzSSJ5ZALfek0JBD2jBw9VGMXR/aT7ykcA2q/ieDARyBzg+e8J1TkeIb5AFj/YjtZdoajdy5uNy6w==}
+    resolution: {integrity: sha512-TaEsAki14R7BlgywA05t2PFYfwZiNlGUHyIQHVyloXX3y+Dm0HUITe5YwTkjtuOQuDhuuLotNEad4VtnmE11Uw==}
  '@next/eslint-plugin-next@15.5.6':
    resolution: {integrity: sha512-YxDvsT2fwy1j5gMqk3ppXlsgDopHnkM4BoxSVASbvvgh5zgsK8lvWerDzPip8k3WVzsTZ1O7A7si1KNfN4OZfQ==}
@ -1721,8 +1721,8 @@ packages:
  neo-async@2.6.2:
    resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==}
-  next@15.2.6:
+  next@15.2.8:
-    resolution: {integrity: sha512-DIKFctUpZoCq5ok2ztVU+PqhWsbiqM9xNP7rHL2cAp29NQcmDp7Y6JnBBhHRbFt4bCsCZigj6uh+/Gwh2158Wg==}
+    resolution: {integrity: sha512-pe2trLKZTdaCuvNER0S9Wp+SP2APf7SfFmyUP9/w1SFA2UqmW0u+IsxCKkiky3n6um7mryaQIlgiDnKrf1ZwIw==}
    engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
    hasBin: true
    peerDependencies:
@ -2641,7 +2641,7 @@ snapshots:
  '@mediapipe/tasks-vision@0.10.14': {}
-  '@next/env@15.2.6': {}
+  '@next/env@15.2.8': {}
  '@next/eslint-plugin-next@15.5.6':
    dependencies:
@ -4063,9 +4063,9 @@ snapshots:
  neo-async@2.6.2: {}
-  next@15.2.6(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
+  next@15.2.8(react-dom@18.3.1(react@18.3.1))(react@18.3.1):
    dependencies:
-      '@next/env': 15.2.6
+      '@next/env': 15.2.8
      '@swc/counter': 0.1.3
      '@swc/helpers': 0.5.15
      busboy: 1.6.0