fix: update Next.js peerDeps to mitigate CVE-2025-55182 #428

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

dtoxvanilla1991 wants to merge 2 commits into main from fix/security-vulnerability-update

dtoxvanilla1991 commented Dec 4, 2025 •

edited

Loading

Explain your changes

This PR updates the peerDependencies for Next.js to reflect the critical security advisory GHSA-9qr9-h5gf-34mp (CVE-2025-55182). Changes:

Next.js 14: Unchanged (Stable 14.x is unaffected).

Next.js 15: Minimum bumped to 15.5.7 (The latest patch that covers all previous vulnerable minors).

Next.js 16: Minimum bumped to 16.0.7.

Note: While there are earlier patched versions of v15 (e.g., 15.0.5), we are enforcing 15.5.7 to prevent users from resolving to intermediate vulnerable versions like 15.1.0.

Checklist

I have read the “Pull requests” section in the contributing guidelines.
I agree to the terms within the code of conduct.

🛟 If you need help, consider asking for advice over in the Kinde community.


          chore: update peerDependencies for next, react, and react-dom versions

92c29da

dtoxvanilla1991 requested a review from a team as a code owner

December 4, 2025 01:12

Contributor

coderabbitai bot commented Dec 4, 2025 •

edited

Loading

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)

package.json is excluded by !**/*.json
pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml, !**/*.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch fix/security-vulnerability-update

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

dtoxvanilla1991 self-assigned this

coderabbitai bot approved these changes

View reviewed changes


          chore: update dependencies to address security vulnerabilities in rea…

a60602f

…ct and next

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet