From cd987f62c0f7f5dd4dd4d76efba5f2ba92f90c35 Mon Sep 17 00:00:00 2001 From: Vercel Date: Tue, 9 Dec 2025 09:00:57 +0000 Subject: [PATCH] Update packages to fix React Flight RCE advisory Updated dependencies to fix Next.js CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2d175e7..c285e6a 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "embla-carousel-react": "8.5.1", "input-otp": "1.4.1", "lucide-react": "^0.454.0", - "next": "15.2.4", + "next": "15.2.6", "next-themes": "^0.4.4", "prismjs": "^1.30.0", "qrcode": "^1.5.4",