diff --git a/.changeset/clever-regions-mate.md b/.changeset/clever-regions-mate.md deleted file mode 100644 index e9f8c71bc9..0000000000 --- a/.changeset/clever-regions-mate.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -"@bigcommerce/catalyst-makeswift": patch ---- - -Catalyst has been upgraded to Next.js 15.5.9. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability. - -## 🔒 Security Update - -**This upgrade addresses a security vulnerability ([CVE-2025-55184 + CVE-2025-55183](https://nextjs.org/blog/security-update-2025-12-11))** that affects React Server Components. These vulnerabilities allow a Denial of Service attack and Source Code Exposure attach. This upgrade includes: - -- Next.js 15.5.9 with the security patch -- React 19.1.4 and React DOM 19.1.4 with the security patch - -**All users are strongly encouraged to upgrade immediately.** - -## Key Changes - -- ⚡ **Next.js 15.5.9**: Upgraded from Next.js 15.5.7 to 15.5.9 -- ⚛️ **React 19**: Upgraded to React 19.1.4 and React DOM 19.1.4 - -## Migration Guide - -### Update Dependencies - -If you're maintaining a custom Catalyst store, update your `package.json`: - -```json -{ - "dependencies": { - "next": "15.5.9", - "react": "19.1.4", - "react-dom": "19.1.4" - }, - "devDependencies": { - "@next/bundle-analyzer": "15.5.9", - "eslint-config-next": "15.5.9" - } -} -``` - -Then run: - -```bash -pnpm install -``` diff --git a/core/CHANGELOG.md b/core/CHANGELOG.md index 265448e3d3..6fa2583312 100644 --- a/core/CHANGELOG.md +++ b/core/CHANGELOG.md @@ -1,5 +1,49 @@ # Changelog +## 1.3.8 + +### Patch Changes + +- [#2773](https://github.com/bigcommerce/catalyst/pull/2773) [`b475a36`](https://github.com/bigcommerce/catalyst/commit/b475a3670a3a9b265e4fddddd506bfea943772cf) Thanks [@chanceaclark](https://github.com/chanceaclark)! - Catalyst has been upgraded to Next.js 15.5.9. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability. + + ## 🔒 Security Update + + **This upgrade addresses a security vulnerability ([CVE-2025-55184 + CVE-2025-55183](https://nextjs.org/blog/security-update-2025-12-11))** that affects React Server Components. These vulnerabilities allow a Denial of Service attack and Source Code Exposure attach. This upgrade includes: + - Next.js 15.5.9 with the security patch + - React 19.1.4 and React DOM 19.1.4 with the security patch + + **All users are strongly encouraged to upgrade immediately.** + + ## Key Changes + - ⚡ **Next.js 15.5.9**: Upgraded from Next.js 15.5.7 to 15.5.9 + - ⚛️ **React 19**: Upgraded to React 19.1.4 and React DOM 19.1.4 + + ## Migration Guide + + ### Update Dependencies + + If you're maintaining a custom Catalyst store, update your `package.json`: + + ```json + { + "dependencies": { + "next": "15.5.9", + "react": "19.1.4", + "react-dom": "19.1.4" + }, + "devDependencies": { + "@next/bundle-analyzer": "15.5.9", + "eslint-config-next": "15.5.9" + } + } + ``` + + Then run: + + ```bash + pnpm install + ``` + ## 1.3.7 ### Patch Changes diff --git a/core/package.json b/core/package.json index 3ba8149a15..fa71b24b67 100644 --- a/core/package.json +++ b/core/package.json @@ -1,7 +1,7 @@ { "name": "@bigcommerce/catalyst-makeswift", "description": "BigCommerce Catalyst is a Next.js starter kit for building headless BigCommerce storefronts.", - "version": "1.3.7", + "version": "1.3.8", "private": true, "scripts": { "dev": "npm run generate && next dev",