Skip to content

Commit 0c93b6a

Browse files
committed
Version Packages (canary)
1 parent c7c416a commit 0c93b6a

3 files changed

Lines changed: 9 additions & 9 deletions

File tree

.changeset/security-bump-nextjs-react.md

Lines changed: 0 additions & 8 deletions
This file was deleted.

core/CHANGELOG.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,13 @@
11
# Changelog
22

3+
## 1.6.3
4+
5+
### Patch Changes
6+
7+
- [#3007](https://github.com/bigcommerce/catalyst/pull/3007) [`13b3c2e`](https://github.com/bigcommerce/catalyst/commit/13b3c2e5c85bf47a07e999315a8f12988ab96d3f) Thanks [@chanceaclark](https://github.com/chanceaclark)! - Bump Next.js and React to address security vulnerabilities
8+
- `next`: ~16.1.6 → ~16.2.6 — fixes middleware bypass, SSRF, XSS, and cache poisoning CVEs
9+
- `react` / `react-dom`: 19.1.5 → 19.1.7 — fixes GHSA-rv78-f8rc-xrxh (DoS via OOM/CPU exhaustion on server function endpoints)
10+
311
## 1.6.2
412

513
### Patch Changes

core/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
{
22
"name": "@bigcommerce/catalyst-core",
33
"description": "BigCommerce Catalyst is a Next.js starter kit for building headless BigCommerce storefronts.",
4-
"version": "1.6.2",
4+
"version": "1.6.3",
55
"private": true,
66
"engines": {
77
"node": ">=24.0.0"

0 commit comments

Comments
 (0)