24 Commits

Author SHA1 Message Date
Arkaprabha Chakraborty
3971dc3f0e Merge pull request #1 from arkorty/vercel/react-flightnextjs-rce-vulnera-ym1k90
Fix React Server Components RCE vulnerability
2025-12-10 14:55:37 +05:30
Vercel
cdca35584c Update React Flight/Next.js RCE vulnerability
# React Flight / Next.js RCE Advisory Fix

## Summary
Updated the Osborne repository to address the React Flight / Next.js RCE advisory by upgrading Next.js to a patched version.

## Vulnerability Assessment
- **Project is affected**: Uses Next.js 15.2.4
- **Not using React Flight packages**: No react-server-dom-* packages detected

## Changes Made

### Modified Files
1. **client/package.json**
   - Upgraded `next` from `^15.2.4` to `15.2.6` (exact version pin)
   - This is the patched version for Next.js 15.2.x per the advisory guidelines
   - React versions (`react@18.3.1`, `react-dom@18.3.1`) were not modified as they are managed by Next.js

2. **client/package-lock.json**
   - Updated lockfile to reflect Next.js 15.2.6 installation
   - All dependency resolutions verified

## Verification
- Dependencies installed successfully with `npm install`
- Next.js version confirmed: `next@15.2.6` (verified via `npm list next`)
- Production build completed successfully with `next build`
- Linter passed with no errors or warnings (`next lint`)
- React versions remain at 18.3.1 (compatible with Next.js 15.2.6)

## Implementation Details
- Only modified Next.js version as this is a Next.js project
- Did not modify React versions as Next.js handles React dependency management
- Used exact version pinning (15.2.6) instead of caret to ensure the patched version is used
- No application logic changes were made

## Notes
- The project structure is a monorepo with a Next.js client (`./client`) and a Go server
- Only the client application required updates
- The server component (written in Go) has no Node.js dependencies

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
2025-12-08 16:05:24 +00:00
Arkaprabha Chakraborty
5f243e7619 fix multiple file uploads 2025-11-04 05:38:21 +05:30
Arkaprabha Chakraborty
d10afbaa16 fix content warning double click issue 2025-11-04 05:02:27 +05:30
Arkaprabha Chakraborty
968d37900d style stuff 2025-11-01 23:16:22 +05:30
Arkaprabha Chakraborty
6849d6d266 fix websocket connection stuff 2025-11-01 22:16:15 +05:30
Arkaprabha Chakraborty
d392e1684b OG stuff 2025-11-01 14:13:36 +05:30
Arkaprabha Chakraborty
faf0baf248 user fixes 2025-11-01 08:39:11 +05:30
Arkaprabha Chakraborty
5871d9f8cf recordinggggggggggggg... 2025-11-01 08:19:43 +05:30
Arkaprabha Chakraborty
7a72b66620 ui fixes yooooooo 2025-11-01 07:08:43 +05:30
Arkaprabha Chakraborty
bb2dfbbe80 ui fixes yooooooo 2025-11-01 05:47:15 +05:30
Arkaprabha Chakraborty
0ad067efb2 ui fixes yo 2025-11-01 02:41:23 +05:30
Arkaprabha Chakraborty
8e4dfe5c87 more more fixes 2025-10-31 02:16:20 +05:30
Arkaprabha Chakraborty
65035a2a9e more fixes 2025-10-31 02:01:30 +05:30
Arkaprabha Chakraborty
9525837bc2 more ui fixes 2025-10-31 01:59:47 +05:30
Arkaprabha Chakraborty
9223e6dea3 ui fixes 2025-10-31 01:55:42 +05:30
Arkaprabha Chakraborty
b35e3bf677 style stuff 2025-10-31 01:40:54 +05:30
Arkaprabha Chakraborty
3bb4e52365 feat purge button, delete comments 2025-10-31 00:20:58 +05:30
Arkaprabha Chakraborty
b47786465d fix font 2025-10-30 22:37:58 +05:30
Arkaprabha Chakraborty
f51fac6afd style again 2025-10-30 21:32:09 +05:30
Arkaprabha Chakraborty
1b1b925cd5 style 2025-10-30 20:57:20 +05:30
Arkaprabha Chakraborty
125887e5aa style 2025-10-30 11:29:34 +05:30
Arkaprabha Chakraborty
0a555be303 chore 2025-10-30 11:17:57 +05:30
Arkaprabha Chakraborty
02a102481e init 2025-10-30 11:04:17 +05:30