Skip to content

Address react and next CVEs #8179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
konstantin-msft merged 5 commits into from
Dec 4, 2025
Merged

Address react and next CVEs #8179

konstantin-msft merged 5 commits into from
Dec 4, 2025

Conversation

@konstantin-msft
Copy link
Collaborator

@konstantin-msft konstantin-msft commented Dec 4, 2025

  • Address react and next CVEs

@konstantin-msft konstantin-msft requested review from a team as code owners December 4, 2025 03:42
Copilot AI review requested due to automatic review settings December 4, 2025 03:42
Copilot AI reviewed Dec 4, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates React and Next.js dependencies across sample applications and the msal-react library to address security vulnerabilities (CVEs). The changes update React from 19.1.0 to 19.1.2 and Next.js from 15.4.7 to 15.4.8.

Key Changes:

  • React and react-dom updated from ^19.1.0 to ^19.1.2 across all React samples and msal-react devDependencies
  • Next.js updated from ^15.4.7 to ^15.4.8 in the Next.js sample
  • msal-react peer dependency updated to specify ^19.1.2 (note: this change has implications)

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
samples/msal-react-samples/typescript-sample/package.json Updates React dependencies to address CVEs
samples/msal-react-samples/react-router-sample/package.json Updates React dependencies to address CVEs
samples/msal-react-samples/nextjs-sample/package.json Updates React and Next.js dependencies to address CVEs
samples/msal-react-samples/b2c-sample/package.json Updates React dependencies to address CVEs
samples/msal-node-samples/ElectronSystemBrowserTestApp/package.json Updates React dependencies to address CVEs
lib/msal-react/package.json Updates React devDependencies and peer dependency constraint
package-lock.json Lockfile updates reflecting dependency version changes

peterzenz
peterzenz previously approved these changes Dec 4, 2025
View reviewed changes
hectormmg
hectormmg previously approved these changes Dec 4, 2025
View reviewed changes
@konstantin-msft konstantin-msft dismissed stale reviews from hectormmg and peterzenz via 16d0660 December 4, 2025 04:08
@konstantin-msft konstantin-msft merged commit 0a9c566 into dev Dec 4, 2025
7 checks passed
@konstantin-msft konstantin-msft deleted the fix_react_cve branch December 4, 2025 04:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hectormmg hectormmg hectormmg approved these changes

@peterzenz peterzenz peterzenz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@konstantin-msft @hectormmg @peterzenz