mirror of
https://github.com/arkorty/Osborne.git
synced 2026-03-17 16:51:44 +00:00
cdca35584c
# React Flight / Next.js RCE Advisory Fix ## Summary Updated the Osborne repository to address the React Flight / Next.js RCE advisory by upgrading Next.js to a patched version. ## Vulnerability Assessment ✅ **Project is affected**: Uses Next.js 15.2.4 ❌ **Not using React Flight packages**: No react-server-dom-* packages detected ## Changes Made ### Modified Files 1. **client/package.json** - Upgraded `next` from `^15.2.4` to `15.2.6` (exact version pin) - This is the patched version for Next.js 15.2.x per the advisory guidelines - React versions (`react@18.3.1`, `react-dom@18.3.1`) were not modified as they are managed by Next.js 2. **client/package-lock.json** - Updated lockfile to reflect Next.js 15.2.6 installation - All dependency resolutions verified ## Verification ✅ Dependencies installed successfully with `npm install` ✅ Next.js version confirmed: `next@15.2.6` (verified via `npm list next`) ✅ Production build completed successfully with `next build` ✅ Linter passed with no errors or warnings (`next lint`) ✅ React versions remain at 18.3.1 (compatible with Next.js 15.2.6) ## Implementation Details - Only modified Next.js version as this is a Next.js project - Did not modify React versions as Next.js handles React dependency management - Used exact version pinning (15.2.6) instead of caret to ensure the patched version is used - No application logic changes were made ## Notes - The project structure is a monorepo with a Next.js client (`./client`) and a Go server - Only the client application required updates - The server component (written in Go) has no Node.js dependencies Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
68 lines
1.9 KiB
JSON
68 lines
1.9 KiB
JSON
{
|
|
"name": "room",
|
|
"version": "0.1.0",
|
|
"private": true,
|
|
"scripts": {
|
|
"dev": "next dev",
|
|
"build": "next build",
|
|
"start": "next start",
|
|
"lint": "next lint"
|
|
},
|
|
"dependencies": {
|
|
"@monaco-editor/react": "^4.7.0",
|
|
"@radix-ui/react-hover-card": "^1.1.6",
|
|
"@radix-ui/react-icons": "^1.3.2",
|
|
"@radix-ui/react-label": "^2.1.2",
|
|
"@radix-ui/react-primitive": "^2.0.2",
|
|
"@radix-ui/react-slot": "^1.1.2",
|
|
"@react-three/drei": "^9.122.0",
|
|
"@react-three/fiber": "^8.18.0",
|
|
"@shadcn/ui": "^0.0.4",
|
|
"@stitches/react": "^1.2.8",
|
|
"@tabler/icons-react": "^3.31.0",
|
|
"@tsparticles/engine": "^3.8.1",
|
|
"@tsparticles/react": "^3.0.0",
|
|
"@tsparticles/slim": "^3.8.1",
|
|
"aceternity-ui": "^0.2.2",
|
|
"class-variance-authority": "^0.7.1",
|
|
"clsx": "^2.1.1",
|
|
"cobe": "^0.6.3",
|
|
"dotenv": "^16.4.7",
|
|
"framer-motion": "^11.18.2",
|
|
"input-otp": "^1.4.2",
|
|
"lodash": "^4.17.21",
|
|
"lucide-react": "^0.456.0",
|
|
"mini-svg-data-uri": "^1.4.4",
|
|
"monaco-editor": "^0.54.0",
|
|
"next": "15.2.6",
|
|
"next-themes": "^0.4.6",
|
|
"qss": "^3.0.0",
|
|
"react": "^18.3.1",
|
|
"react-dom": "^18.3.1",
|
|
"react-dropzone": "^14.3.8",
|
|
"react-icons": "^5.5.0",
|
|
"simplex-noise": "^4.0.3",
|
|
"tailwind-gradient-mask-image": "^1.2.0",
|
|
"tailwind-merge": "^2.6.0",
|
|
"tailwindcss-animate": "^1.0.7",
|
|
"three": "^0.169.0",
|
|
"three-globe": "^2.42.3",
|
|
"ws": "^8.18.1"
|
|
},
|
|
"devDependencies": {
|
|
"@babel/preset-typescript": "^7.27.0",
|
|
"@types/lodash": "^4.17.16",
|
|
"@types/node": "^22.13.14",
|
|
"@types/react": "^18.3.20",
|
|
"@types/react-dom": "^18.3.5",
|
|
"@types/three": "^0.169.0",
|
|
"@types/ws": "^8.18.0",
|
|
"autoprefixer": "^10.4.21",
|
|
"eslint": "^8.57.1",
|
|
"eslint-config-next": "15.0.2",
|
|
"postcss": "^8.5.3",
|
|
"tailwindcss": "^3.4.17",
|
|
"typescript": "^5.8.2"
|
|
}
|
|
}
|