← 返回首页
Fix React Server Components CVE vulnerabilities by vercel[bot] · Pull Request #771 · javaistic/javaistic · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Appearance settings
Resetting focus

Fix React Server Components CVE vulnerabilities#771

Merged
arghyaxcodes merged 1 commit into
mainfrom
vercel/react-server-components-cve-vu-x101as
Apr 11, 2026
Merged

Fix React Server Components CVE vulnerabilities#771
arghyaxcodes merged 1 commit into
mainfrom
vercel/react-server-components-cve-vu-x101as

Conversation

vercel Bot commented Apr 11, 2026

Copy link
Copy Markdown
Contributor

Important

This is an automatic PR generated by Vercel to help you patch known vulnerabilities related to CVE-2025-55182 (React2Shell), CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. We can't guarantee the PR is comprehensive, and it may contain mistakes.

Not all projects are affected by all issues, but patched versions are required to ensure full remediation.

Vercel has deployed WAF mitigations globally to help protect your application, but upgrading remains required for complete protection.

This automated pull request updates your React, Next.js, and related Server Components packages to versions that fix all currently known React Server Components vulnerabilities, including the two newly discovered issues.

See our Security Bulletins for more information and reach out to security@vercel.com with any questions.

Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>

vercel Bot commented Apr 11, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
javaistic Ready Preview, Comment Apr 11, 2026 10:12pm

arghyaxcodes marked this pull request as ready for review April 11, 2026 22:13
Hide details View details arghyaxcodes merged commit 2483c12 into main Apr 11, 2026
4 checks passed
arghyaxcodes deleted the vercel/react-server-components-cve-vu-x101as branch April 11, 2026 22:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Footer

© 2026 GitHub, Inc.