Skip to content

Fix cve-2025-55182 vulnerability #891

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zackproser wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Fix cve-2025-55182 vulnerability #891

zackproser wants to merge 2 commits into from

Conversation

@zackproser
Copy link
Owner

@zackproser zackproser commented Dec 6, 2025
edited by cursor bot
Loading

Update Next.js and React packages to patched versions and regenerate lockfile to fix CVE-2025-55182.

This update addresses the vulnerability by upgrading the framework/tooling stack to releases that no longer include the vulnerable React 19 builds, as advised by Vercel.

Open in Cursor Open in Web

Note

Upgrades Next.js and React to patched releases and updates typing/usages to be compatible, addressing the reported vulnerability.

  • Dependencies (security patch):
    • Bump react/react-dom to 19.2.1 and next to 15.4.8 (plus related @next/*, @types/react*, and ecosystem packages) to use patched builds.
  • Type/compat updates:
    • src/app/providers.tsx: adjust useRef to T | undefined in usePrevious.
    • src/components/ArticleContent.tsx: add explicit type guards for React.isValidElement, handle nullable children, and simplify cloneElement usage.
    • src/components/DevToolCard.tsx: switch to FC and change renderToolDetails to return ReactElement.

Written by Cursor Bugbot for commit 84b574b. This will update automatically on new commits. Configure here.

@cursoragent @zackproser
Refactor: Update dependencies to React 19 and Next 15
ba4adda 
This commit updates project dependencies to align with React 19 and Next 15, ensuring compatibility and leveraging the latest features.

Co-authored-by: zackproser <zackproser@gmail.com>
@cursor
Copy link

cursor bot commented Dec 6, 2025

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
Learn more about Cursor Agents

@vercel
Copy link

vercel bot commented Dec 6, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
portfolio Ready Ready Preview Comment Dec 6, 2025 9:29pm

@cursoragent @zackproser
Refactor: Improve type safety and component rendering
84b574b 
Co-authored-by: zackproser <zackproser@gmail.com>
@zackproser zackproser marked this pull request as ready for review December 11, 2025 04:01
cursor[bot]
cursor bot reviewed Dec 11, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Testing library version incompatible with React 19

The @testing-library/react package remains at version ^14.3.1 which has a peer dependency of react: ^18.0.0, but the project was upgraded to React 19.2.1. This version mismatch can cause test failures, runtime warnings, or unexpected behavior during testing. Version 15+ of @testing-library/react is needed for React 19 support.

package.json#L154-L155

portfolio/package.json

Lines 154 to 155 in 84b574b

"@testing-library/jest-dom": "^6.6.3",
"@testing-library/react": "^14.3.1",

Fix in Cursor Fix in Web

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@zackproser @cursoragent