shen/worth-calculator
1
0
Fork 0
mirror of https://github.com/Zippland/worth-calculator.git synced 2026-02-13 02:49:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update React Flight/Next.js RCE vulnerability

Browse Source 
## React Flight / Next.js RCE Advisory Update

### Summary
Successfully addressed the React Flight / Next.js RCE advisory for the worth-calculator project. The project was affected by the vulnerability as it uses Next.js 15.x.

### Vulnerability Detection
**Affected Packages Found:**
-  `next@15.0.2` - Vulnerable version detected in dependencies
-  `eslint-config-next@15.0.2` - Dev dependency that needed updating

**Not Used:**
-  `react-server-dom-webpack` - Not used
-  `react-server-dom-parcel` - Not used  
-  `react-server-dom-turbopack` - Not used

### Changes Made

#### Modified Files:
1. **package.json**
   - Upgraded `next` from `15.0.2` → `15.0.5` (patched version for 15.0.x)
   - Upgraded `eslint-config-next` from `15.0.2` → `15.0.5` (matching version)
   - React versions left unchanged as Next.js manages these dependencies automatically

2. **package-lock.json**
   - Updated via `npm install --legacy-peer-deps`
   - All dependencies resolved to compatible versions

### Verification Results

 **Build Verification**: `npm run build` completed successfully
- Next.js 15.0.5 built without errors
- All pages generated correctly
- Pre-existing ESLint warnings only (not introduced by this change)

 **Linter Check**: `npm run lint` passed
- Only pre-existing warnings found
- No new errors introduced by the update

 **Dependency Resolution**: Confirmed via `npm ls`
- next@15.0.5 ✓
- eslint-config-next@15.0.5 ✓

### Notes
- The project uses an RC build of React (`19.0.0-rc-02c0e824-20241028`) which required using `--legacy-peer-deps` flag during installation, but this is not a blocker as it's already configured in the project
- No React or React-DOM version changes needed as Next.js handles these automatically
- No manual changes to application code were required
- All changes are dependency-related and backward compatible

### Security Impact
This update patches the Next.js vulnerability affecting React Server Components security, addressing the RCE advisory identified in the security notice.

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
This commit is contained in:
Vercel
2025-12-08 11:38:06 +00:00
parent 87ed2d6cfc
commit 89fd5bcb0d
2 changed files with 57 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
package-lock.json generated
View File

@@ -13,7 +13,7 @@
"html-to-image": "^1.11.13",
"html2canvas": "^1.4.1",
"lucide-react": "^0.454.0",
"next": "15.0.2",
"next": "15.0.5",
"qrcode": "^1.5.4",
"react": "19.0.0-rc-02c0e824-20241028",
"react-dom": "19.0.0-rc-02c0e824-20241028"
@@ -25,7 +25,7 @@
"@types/react-dom": "^18",
"babel-plugin-react-compiler": "^19.0.0-beta-e993439-20250328",
"eslint": "^8",
"eslint-config-next": "15.0.2",
"eslint-config-next": "15.0.5",
"postcss": "^8",
"tailwindcss": "^3.4.1",
"typescript": "^5"
@@ -48,7 +48,7 @@
"version": "7.25.9",
"resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz",
"integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
"devOptional": true,
"dev": true,
"license": "MIT",
"engines": {
"node": ">=6.9.0"
@@ -58,7 +58,7 @@
"version": "7.25.9",
"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz",
"integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
"devOptional": true,
"dev": true,
"license": "MIT",
"engines": {
"node": ">=6.9.0"
@@ -68,7 +68,7 @@
"version": "7.27.0",
"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.0.tgz",
"integrity": "sha512-H45s8fVLYjbhFH62dIJ3WtmJ6RSPt/3DRO0ZcT2SUiYiQyz3BLVb9ADEnLl91m74aQPS3AzzeajZHYOalWe3bg==",
"devOptional": true,
"dev": true,
"license": "MIT",
"dependencies": {
"@babel/helper-string-parser": "^7.25.9",
@@ -651,15 +651,15 @@
}
},
"node_modules/@next/env": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/env/-/env-15.0.2.tgz",
"integrity": "sha512-c0Zr0ModK5OX7D4ZV8Jt/wqoXtitLNPwUfG9zElCZztdaZyNVnN40rDXVZ/+FGuR4CcNV5AEfM6N8f+Ener7Dg==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/env/-/env-15.0.5.tgz",
"integrity": "sha512-rDeqk/QF6OxTSvQItPdtyR0O4QN5L2a794F4+i8/syHN92DqFXcLNhZgLtYhW3rrJ23vRR7B5wIamsgGM4I6UQ==",
"license": "MIT"
},
"node_modules/@next/eslint-plugin-next": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/eslint-plugin-next/-/eslint-plugin-next-15.0.2.tgz",
"integrity": "sha512-R9Jc7T6Ge0txjmqpPwqD8vx6onQjynO9JT73ArCYiYPvSrwYXepH/UY/WdKDY8JPWJl72sAE4iGMHPeQ5xdEWg==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/eslint-plugin-next/-/eslint-plugin-next-15.0.5.tgz",
"integrity": "sha512-KgB0AN+6s97MHv9AIMMyuMt0nbXT8gfoawxR0oNSUcvYKkjuYuACqpFi4A5ePLNy4XtOtThUTQfKzWxfCsP25A==",
"dev": true,
"license": "MIT",
"dependencies": {
@@ -667,9 +667,9 @@
}
},
"node_modules/@next/swc-darwin-arm64": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.0.2.tgz",
"integrity": "sha512-GK+8w88z+AFlmt+ondytZo2xpwlfAR8U6CRwXancHImh6EdGfHMIrTSCcx5sOSBei00GyLVL0ioo1JLKTfprgg==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.0.5.tgz",
"integrity": "sha512-BrNm/9BZoV6QEFKFZdgZRyYwhdhxV8GhW+U4D5cdkT4Wefj7YflAUZNx2FWyBPp7utBPCgJXnVbVLhlDoIfKFg==",
"cpu": [
"arm64"
],
@@ -683,9 +683,9 @@
}
},
"node_modules/@next/swc-darwin-x64": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.0.2.tgz",
"integrity": "sha512-KUpBVxIbjzFiUZhiLIpJiBoelqzQtVZbdNNsehhUn36e2YzKHphnK8eTUW1s/4aPy5kH/UTid8IuVbaOpedhpw==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.0.5.tgz",
"integrity": "sha512-SkpRdqyJLhmU6Ip0dHrZ5mLMQgTU0MlTASRwqCj6NXQJ04eS4QzBgEUUOPX+tsUOQ+KSVMgX/iQaWgQHNMyyCQ==",
"cpu": [
"x64"
],
@@ -699,9 +699,9 @@
}
},
"node_modules/@next/swc-linux-arm64-gnu": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.0.2.tgz",
"integrity": "sha512-9J7TPEcHNAZvwxXRzOtiUvwtTD+fmuY0l7RErf8Yyc7kMpE47MIQakl+3jecmkhOoIyi/Rp+ddq7j4wG6JDskQ==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.0.5.tgz",
"integrity": "sha512-nk+6BAIkIHTeQg+U1uqGpZ8K1KSAbhq80EkSgpgPC6wBmRkEeBitn4yL9C0fUiEPeZ3zN4yrvI635GG/H2QmSQ==",
"cpu": [
"arm64"
],
@@ -715,9 +715,9 @@
}
},
"node_modules/@next/swc-linux-arm64-musl": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.0.2.tgz",
"integrity": "sha512-BjH4ZSzJIoTTZRh6rG+a/Ry4SW0HlizcPorqNBixBWc3wtQtj4Sn9FnRZe22QqrPnzoaW0ctvSz4FaH4eGKMww==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.0.5.tgz",
"integrity": "sha512-CozywhydLroNNz1AMKdKKVBuRc0UIBG7TlVgXXn51MdZo4sMbfApOlQFUyuAbKJbe67vd39Yib2lVVVDfLTtfw==",
"cpu": [
"arm64"
],
@@ -731,9 +731,9 @@
}
},
"node_modules/@next/swc-linux-x64-gnu": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.0.2.tgz",
"integrity": "sha512-i3U2TcHgo26sIhcwX/Rshz6avM6nizrZPvrDVDY1bXcLH1ndjbO8zuC7RoHp0NSK7wjJMPYzm7NYL1ksSKFreA==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.0.5.tgz",
"integrity": "sha512-VWfvl8toyC/5Rn1GgKfiASYgssCsxz4GtwK2cFKmmnyGfoKubFc6DfCI5MzBoe2Q2gzd2CeZDoT1BhuutSiL7A==",
"cpu": [
"x64"
],
@@ -747,9 +747,9 @@
}
},
"node_modules/@next/swc-linux-x64-musl": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.0.2.tgz",
"integrity": "sha512-AMfZfSVOIR8fa+TXlAooByEF4OB00wqnms1sJ1v+iu8ivwvtPvnkwdzzFMpsK5jA2S9oNeeQ04egIWVb4QWmtQ==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.0.5.tgz",
"integrity": "sha512-xCD/V4Z55eFtG2SNyXgG3ciIikcxNe4FgmgcW4xTaEcLY59ZJVLxx4PLve2vDgp7xqvwDD4vvUsJuFMuQ12oGg==",
"cpu": [
"x64"
],
@@ -763,9 +763,9 @@
}
},
"node_modules/@next/swc-win32-arm64-msvc": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.0.2.tgz",
"integrity": "sha512-JkXysDT0/hEY47O+Hvs8PbZAeiCQVxKfGtr4GUpNAhlG2E0Mkjibuo8ryGD29Qb5a3IOnKYNoZlh/MyKd2Nbww==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.0.5.tgz",
"integrity": "sha512-OmKXP/mUzY+AiDFk9PR3RoM6YfgzNYhtSbfvTUDk3PxoCLKnwTZ8xsFoWX2ph/RFC25QucTeAFepouGGsdBPAg==",
"cpu": [
"arm64"
],
@@ -779,9 +779,9 @@
}
},
"node_modules/@next/swc-win32-x64-msvc": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.0.2.tgz",
"integrity": "sha512-foaUL0NqJY/dX0Pi/UcZm5zsmSk5MtP/gxx3xOPyREkMFN+CTjctPfu3QaqrQHinaKdPnMWPJDKt4VjDfTBe/Q==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.0.5.tgz",
"integrity": "sha512-O34P9asvZtdNQ+4sEczSLruYvM7XEQKY/FCwRAeQQnrWW3tol3VEuv2GtnFb1YHsP3lZtagd11UYJqrs0Y0r2A==",
"cpu": [
"x64"
],
@@ -1570,7 +1570,7 @@
"version": "19.0.0-beta-e993439-20250328",
"resolved": "https://registry.npmjs.org/babel-plugin-react-compiler/-/babel-plugin-react-compiler-19.0.0-beta-e993439-20250328.tgz",
"integrity": "sha512-eq0lxXDicCNfhtIhm2L2nW2FyDcPMfuJTQG641ZWMWxEVqwmtUlAkWXC4o5C3vykhWMTsXmiJe7/hxXVUbV8ZA==",
"devOptional": true,
"dev": true,
"license": "MIT",
"dependencies": {
"@babel/types": "^7.26.0"
@@ -2400,13 +2400,13 @@
}
},
"node_modules/eslint-config-next": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/eslint-config-next/-/eslint-config-next-15.0.2.tgz",
"integrity": "sha512-N8o6cyUXzlMmQbdc2Kc83g1qomFi3ITqrAZfubipVKET2uR2mCStyGRcx/r8WiAIVMul2KfwRiCHBkTpBvGBmA==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/eslint-config-next/-/eslint-config-next-15.0.5.tgz",
"integrity": "sha512-0mCMDbLeimbf+VFC1PG45f0GxkGt1mGDL4FblRgtre4mLAupdFEDKzBEIJvI+KmxtS/VtwWRljq4RLDqraU3gQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"@next/eslint-plugin-next": "15.0.2",
"@next/eslint-plugin-next": "15.0.5",
"@rushstack/eslint-patch": "^1.10.3",
"@typescript-eslint/eslint-plugin": "^5.4.2 || ^6.0.0 || ^7.0.0 || ^8.0.0",
"@typescript-eslint/parser": "^5.4.2 || ^6.0.0 || ^7.0.0 || ^8.0.0",
@@ -4181,12 +4181,12 @@
"license": "MIT"
},
"node_modules/next": {
"version": "15.0.2",
"resolved": "https://registry.npmjs.org/next/-/next-15.0.2.tgz",
"integrity": "sha512-rxIWHcAu4gGSDmwsELXacqAPUk+j8dV/A9cDF5fsiCMpkBDYkO2AEaL1dfD+nNmDiU6QMCFN8Q30VEKapT9UHQ==",
"version": "15.0.5",
"resolved": "https://registry.npmjs.org/next/-/next-15.0.5.tgz",
"integrity": "sha512-WTh/Rmxkn4J4vwSYiqEZGzoxjid83iCyN0qg7oJFKzHjYCzy5mwBRqWVlFotM9nAnxGGv5MzbMa4gMu88qeGLA==",
"license": "MIT",
"dependencies": {
"@next/env": "15.0.2",
"@next/env": "15.0.5",
"@swc/counter": "0.1.3",
"@swc/helpers": "0.5.13",
"busboy": "1.6.0",
@@ -4198,25 +4198,25 @@
"next": "dist/bin/next"
},
"engines": {
"node": ">=18.18.0"
"node": "^18.18.0 || ^19.8.0 || >= 20.0.0"
},
"optionalDependencies": {
"@next/swc-darwin-arm64": "15.0.2",
"@next/swc-darwin-x64": "15.0.2",
"@next/swc-linux-arm64-gnu": "15.0.2",
"@next/swc-linux-arm64-musl": "15.0.2",
"@next/swc-linux-x64-gnu": "15.0.2",
"@next/swc-linux-x64-musl": "15.0.2",
"@next/swc-win32-arm64-msvc": "15.0.2",
"@next/swc-win32-x64-msvc": "15.0.2",
"@next/swc-darwin-arm64": "15.0.5",
"@next/swc-darwin-x64": "15.0.5",
"@next/swc-linux-arm64-gnu": "15.0.5",
"@next/swc-linux-arm64-musl": "15.0.5",
"@next/swc-linux-x64-gnu": "15.0.5",
"@next/swc-linux-x64-musl": "15.0.5",
"@next/swc-win32-arm64-msvc": "15.0.5",
"@next/swc-win32-x64-msvc": "15.0.5",
"sharp": "^0.33.5"
},
"peerDependencies": {
"@opentelemetry/api": "^1.1.0",
"@playwright/test": "^1.41.2",
"babel-plugin-react-compiler": "*",
"react": "^18.2.0 || 19.0.0-rc-02c0e824-20241028",
"react-dom": "^18.2.0 || 19.0.0-rc-02c0e824-20241028",
"react": "^18.2.0 || 19.0.0-rc-66855b96-20241106 || ^19.0.0",
"react-dom": "^18.2.0 || 19.0.0-rc-66855b96-20241106 || ^19.0.0",
"sass": "^1.3.0"
},
"peerDependenciesMeta": {

4
package.json
View File

@@ -14,7 +14,7 @@
"html-to-image": "^1.11.13",
"html2canvas": "^1.4.1",
"lucide-react": "^0.454.0",
"next": "15.0.2",
"next": "15.0.5",
"qrcode": "^1.5.4",
"react": "19.0.0-rc-02c0e824-20241028",
"react-dom": "19.0.0-rc-02c0e824-20241028"
@@ -26,7 +26,7 @@
"@types/react-dom": "^18",
"babel-plugin-react-compiler": "^19.0.0-beta-e993439-20250328",
"eslint": "^8",
"eslint-config-next": "15.0.2",
"eslint-config-next": "15.0.5",
"postcss": "^8",
"tailwindcss": "^3.4.1",
"typescript": "^5"