From 98ea2fe42427601c5b9d5c82d461fceab4f5e0e4 Mon Sep 17 00:00:00 2001
From: Vercel <vercel[bot]@users.noreply.github.com>
Date: Fri, 19 Dec 2025 14:43:29 +0000
Subject: [PATCH] Fix React Server Components CVE vulnerabilities

Updated dependencies to fix Next.js and React CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
---
 package.json   | 48 ++++++++++++++++++++++++------------------------
 pnpm-lock.yaml | 14 +++++++-------
 2 files changed, 31 insertions(+), 31 deletions(-)

diff --git a/package.json b/package.json
index 8b4fde7..9b07ce1 100644
--- a/package.json
+++ b/package.json
@@ -1,26 +1,26 @@
 {
-	"name": "example-next-js",
-	"version": "1.0.0",
-	"private": true,
-	"scripts": {
-		"dev": "next dev",
-		"build": "next build",
-		"start": "next start",
-		"lint": "next lint"
-	},
-	"dependencies": {
-		"@rivetkit/next-js": "^2.0.26",
-		"eventsource": "^4.0.0",
-		"next": "15.4.8",
-		"react": "19.1.0",
-		"react-dom": "19.1.0",
-		"rivetkit": "^2.0.26"
-	},
-	"devDependencies": {
-		"@types/node": "^20",
-		"@types/react": "^19",
-		"@types/react-dom": "^19",
-		"typescript": "^5"
-	},
-	"packageManager": "pnpm@8.15.6+sha1.8105075ad0aa306138be128c017e9c41e28ecffa"
+  "name": "example-next-js",
+  "version": "1.0.0",
+  "private": true,
+  "scripts": {
+    "dev": "next dev",
+    "build": "next build",
+    "start": "next start",
+    "lint": "next lint"
+  },
+  "dependencies": {
+    "@rivetkit/next-js": "^2.0.26",
+    "eventsource": "^4.0.0",
+    "next": "15.4.10",
+    "react": "19.1.0",
+    "react-dom": "19.1.0",
+    "rivetkit": "^2.0.26"
+  },
+  "devDependencies": {
+    "@types/node": "^20",
+    "@types/react": "^19",
+    "@types/react-dom": "^19",
+    "typescript": "^5"
+  },
+  "packageManager": "pnpm@8.15.6+sha1.8105075ad0aa306138be128c017e9c41e28ecffa"
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 23897da..6c1fe72 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -12,8 +12,8 @@ dependencies:
     specifier: ^4.0.0
     version: 4.0.0
   next:
-    specifier: 15.4.8
-    version: 15.4.8(react-dom@19.1.0)(react@19.1.0)
+    specifier: 15.4.10
+    version: 15.4.10(react-dom@19.1.0)(react@19.1.0)
   react:
     specifier: 19.1.0
     version: 19.1.0
@@ -383,8 +383,8 @@ packages:
     dev: false
     optional: true
 
-  /@next/env@15.4.8:
-    resolution: {integrity: sha512-LydLa2MDI1NMrOFSkO54mTc8iIHSttj6R6dthITky9ylXV2gCGi0bHQjVCtLGRshdRPjyh2kXbxJukDtBWQZtQ==}
+  /@next/env@15.4.10:
+    resolution: {integrity: sha512-knhmoJ0Vv7VRf6pZEPSnciUG1S4bIhWx+qTYBW/AjxEtlzsiNORPk8sFDCEvqLfmKuey56UB9FL1UdHEV3uBrg==}
     dev: false
 
   /@next/swc-darwin-arm64@15.4.8:
@@ -693,8 +693,8 @@ packages:
     hasBin: true
     dev: false
 
-  /next@15.4.8(react-dom@19.1.0)(react@19.1.0):
-    resolution: {integrity: sha512-jwOXTz/bo0Pvlf20FSb6VXVeWRssA2vbvq9SdrOPEg9x8E1B27C2rQtvriAn600o9hH61kjrVRexEffv3JybuA==}
+  /next@15.4.10(react-dom@19.1.0)(react@19.1.0):
+    resolution: {integrity: sha512-itVlc79QjpKMFMRhP+kbGKaSG/gZM6RCvwhEbwmCNF06CdDiNaoHcbeg0PqkEa2GOcn8KJ0nnc7+yL7EjoYLHQ==}
     engines: {node: ^18.18.0 || ^19.8.0 || >= 20.0.0}
     hasBin: true
     peerDependencies:
@@ -714,7 +714,7 @@ packages:
       sass:
         optional: true
     dependencies:
-      '@next/env': 15.4.8
+      '@next/env': 15.4.10
       '@swc/helpers': 0.5.15
       caniuse-lite: 1.0.30001751
       postcss: 8.4.31