Skip to content

chore: bump react/next due to recent cve #2554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dgca merged 1 commit into from
Dec 8, 2025
Merged

chore: bump react/next due to recent cve #2554

dgca merged 1 commit into from
Dec 8, 2025

Conversation

@dylsteck
Copy link
Contributor

@dylsteck dylsteck commented Dec 8, 2025

What changed? Why?

This PR uses npx fix-react2shell-next to upgrade React/Next.js versions due to this week's 10.0/10.0 rated CVE.

Notes to reviewers

It is critical that we get this in ASAP to mitigate any security vulnerabilities due to the React CVE.

How has it been tested?

Ran/built the affected apps locally to ensure there are no breaking changes here

@cb-heimdall
Copy link

cb-heimdall commented Dec 8, 2025
edited
Loading

✅ Heimdall Review Status

Requirement Status More Info
Reviews 1/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 0
Sum 1

@vercel
Copy link

vercel bot commented Dec 8, 2025

@dylsteck is attempting to deploy a commit to the Coinbase Team on Vercel.

A member of the Team first needs to authorize it.

@vercel
Copy link

vercel bot commented Dec 8, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
ock-minikit-example Ready Ready Preview Comment Dec 8, 2025 4:35am

@dgca dgca merged commit e1b37c5 into coinbase:main Dec 8, 2025
8 of 10 checks passed
Dargon789 added a commit to Dargon789/onchainkit that referenced this pull request Dec 15, 2025
@Dargon789 @dylsteck
chore: bump react/next due to recent cve (coinbase#2554) (#51)
2e7af03 
Co-authored-by: Dylan Steck <dylancsteck@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgca dgca dgca approved these changes

+1 more reviewer

@aflock aflock aflock approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@dylsteck @cb-heimdall @aflock @dgca