From 67c24765390e55a916799fab07e33539f0561dfa Mon Sep 17 00:00:00 2001 From: Vercel Date: Tue, 16 Dec 2025 16:22:58 +0000 Subject: [PATCH 1/2] Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel --- docs/package.json | 2 +- packages/debugger/package.json | 4 ++-- templates/next-starter-with-examples/package.json | 2 +- templates/next-utils-starter/package.json | 2 +- templates/next/package.json | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/package.json b/docs/package.json index 7655011f..b409a265 100644 --- a/docs/package.json +++ b/docs/package.json @@ -11,7 +11,7 @@ "dependencies": { "frames.js": "0.22.0", "lucide-react": "^0.372.0", - "next": "14.1.4", + "next": "14.2.35", "react": "^18.2.0", "react-dom": "18.2.0", "vocs": "1.0.0-alpha.46" diff --git a/packages/debugger/package.json b/packages/debugger/package.json index 19efee8c..12217d15 100644 --- a/packages/debugger/package.json +++ b/packages/debugger/package.json @@ -19,7 +19,7 @@ "@farcaster/frame-sdk": "^0.0.26", "@xmtp/xmtp-js": "^12.0.0", "is-port-reachable": "^4.0.0", - "next": "14.1.4", + "next": "14.2.35", "open": "^10.0.3", "react": "^18.2.0", "react-dom": "^18.2.0", @@ -100,4 +100,4 @@ "root": true, "extends": "next" } -} \ No newline at end of file +} diff --git a/templates/next-starter-with-examples/package.json b/templates/next-starter-with-examples/package.json index 44d0e548..22999a22 100644 --- a/templates/next-starter-with-examples/package.json +++ b/templates/next-starter-with-examples/package.json @@ -16,7 +16,7 @@ "@xmtp/frames-validator": "^0.6.1", "clsx": "^2.1.0", "frames.js": "^0.22.0", - "next": "^14.1.4", + "next": "14.2.35", "react": "^18.2.0", "react-dom": "^18.2.0", "tailwindcss-animate": "^1.0.7", diff --git a/templates/next-utils-starter/package.json b/templates/next-utils-starter/package.json index a0bfe3a6..fc228164 100644 --- a/templates/next-utils-starter/package.json +++ b/templates/next-utils-starter/package.json @@ -12,7 +12,7 @@ }, "dependencies": { "frames.js": "^0.22.0", - "next": "^14.1.4", + "next": "14.2.35", "react": "^18.2.0", "react-dom": "^18.2.0" }, diff --git a/templates/next/package.json b/templates/next/package.json index 25723a41..1d2d962f 100644 --- a/templates/next/package.json +++ b/templates/next/package.json @@ -5,7 +5,7 @@ "type": "module", "dependencies": { "frames.js": "^0.22.0", - "next": "^14.1.4", + "next": "14.2.35", "react": "^18.2.0", "react-dom": "^18.2.0" }, From c4dda7600e2437dea6ce5ad6dd0d2a887f72d9e2 Mon Sep 17 00:00:00 2001 From: Norman Xu Date: Wed, 17 Dec 2025 00:30:24 +0800 Subject: [PATCH 2/2] fix: node version to <= 22 due to lens requires it --- package.json | 2 +- packages/create-frames/package.json | 4 ++-- packages/debugger/package.json | 2 +- .../cloudflare-worker-with-custom-images-worker/package.json | 2 +- templates/cloudflare-worker/package.json | 2 +- templates/express/package.json | 2 +- templates/hono/package.json | 2 +- templates/next-starter-with-examples/package.json | 2 +- templates/next-utils-starter/package.json | 2 +- templates/next/package.json | 2 +- templates/remix/package.json | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package.json b/package.json index f7fef4dd..a6b3d171 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ }, "repository": "framesjs/frames.js", "engines": { - "node": ">=18" + "node": ">=18 <=22" }, "packageManager": "yarn@1.22.19", "workspaces": [ diff --git a/packages/create-frames/package.json b/packages/create-frames/package.json index 92ddcc51..d29dd8a6 100644 --- a/packages/create-frames/package.json +++ b/packages/create-frames/package.json @@ -5,7 +5,7 @@ "bin": "bin.js", "license": "MIT", "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "engineStrict": true, "dependencies": { @@ -19,4 +19,4 @@ "@types/yargs": "^17.0.32" }, "repository": "framesjs/frames.js" -} \ No newline at end of file +} diff --git a/packages/debugger/package.json b/packages/debugger/package.json index 12217d15..e17ad073 100644 --- a/packages/debugger/package.json +++ b/packages/debugger/package.json @@ -27,7 +27,7 @@ "yargs": "^17.7.2" }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "optionalDependencies": { "better-sqlite3": "^11.7.0" diff --git a/templates/cloudflare-worker-with-custom-images-worker/package.json b/templates/cloudflare-worker-with-custom-images-worker/package.json index db31da03..0396bdb1 100644 --- a/templates/cloudflare-worker-with-custom-images-worker/package.json +++ b/templates/cloudflare-worker-with-custom-images-worker/package.json @@ -31,7 +31,7 @@ } }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "scripts": { "dev": "node ./scripts/dev-script.js", diff --git a/templates/cloudflare-worker/package.json b/templates/cloudflare-worker/package.json index cf03742a..eec30593 100644 --- a/templates/cloudflare-worker/package.json +++ b/templates/cloudflare-worker/package.json @@ -34,7 +34,7 @@ } }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "scripts": { "dev": "node ./scripts/dev-script.js", diff --git a/templates/express/package.json b/templates/express/package.json index 9a61724c..bd069ad3 100644 --- a/templates/express/package.json +++ b/templates/express/package.json @@ -24,7 +24,7 @@ "vite-tsconfig-paths": "^4.2.1" }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "scripts": { "dev": "node ./scripts/dev-script.js", diff --git a/templates/hono/package.json b/templates/hono/package.json index f9df0eff..9a2b2b4d 100644 --- a/templates/hono/package.json +++ b/templates/hono/package.json @@ -22,7 +22,7 @@ "vite-tsconfig-paths": "^4.2.1" }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "scripts": { "dev": "node ./scripts/dev-script.js", diff --git a/templates/next-starter-with-examples/package.json b/templates/next-starter-with-examples/package.json index 22999a22..a421e425 100644 --- a/templates/next-starter-with-examples/package.json +++ b/templates/next-starter-with-examples/package.json @@ -23,7 +23,7 @@ "uuid": "^10.0.0" }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "devDependencies": { "@frames.js/debugger": "^0.5.0", diff --git a/templates/next-utils-starter/package.json b/templates/next-utils-starter/package.json index fc228164..38431fb0 100644 --- a/templates/next-utils-starter/package.json +++ b/templates/next-utils-starter/package.json @@ -30,6 +30,6 @@ "typescript": "^5.4.5" }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" } } diff --git a/templates/next/package.json b/templates/next/package.json index 1d2d962f..825c7c85 100644 --- a/templates/next/package.json +++ b/templates/next/package.json @@ -26,6 +26,6 @@ "lint": "next lint" }, "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" } } diff --git a/templates/remix/package.json b/templates/remix/package.json index d83f832e..2795eb9b 100644 --- a/templates/remix/package.json +++ b/templates/remix/package.json @@ -4,7 +4,7 @@ "private": true, "type": "module", "engines": { - "node": ">=18.17.0" + "node": ">=18.17.0 <=22" }, "dependencies": { "@remix-run/node": "^2.8.1",