Skip to content

chore: bump react to 19.1.2 to fix CVE-2025-55182#246

Open
mzygar wants to merge 2 commits into
nextjs:mainfrom
mzygar:main
Open

chore: bump react to 19.1.2 to fix CVE-2025-55182#246
mzygar wants to merge 2 commits into
nextjs:mainfrom
mzygar:main

Conversation

@mzygar

@mzygar mzygar commented Feb 23, 2026

Copy link
Copy Markdown

In #235 only the Next.js vulnerability was fixed. The repo is still using vulnerable React Server Components implementation from React 19.1.0. This PR fixes it by upgrading react version


Reference:

@vercel

vercel Bot commented Feb 23, 2026

Copy link
Copy Markdown

@mzygar is attempting to deploy a commit to the Vercel Team on Vercel.

A member of the Team first needs to authorize it.

Comment thread package.json
@mzygar

mzygar commented Feb 23, 2026

Copy link
Copy Markdown
Author

This PR should also fix the blocked deployment at Vercel https://vercel.com/templates/next.js/next-js-saas-starter

@mzygar

mzygar commented Mar 4, 2026

Copy link
Copy Markdown
Author

@ctate could you please have a look? this is complementary to your previous PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant