[PR #1] [MERGED] Fix React Server Components CVE vulnerabilities #1

Closed
opened 2026-02-16 02:16:57 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/run-llama/llama-slides/pull/1
Author: @vercel[bot]
Created: 12/16/2025
Status: Merged
Merged: 12/16/2025
Merged by: @logan-markewich

Base: mainHead: vercel/react-server-components-cve-vu-tf3g64


📝 Commits (1)

  • f14d40d Fix React Server Components CVE vulnerabilities

📊 Changes

2 files changed (+45 additions, -45 deletions)

View changed files

📝 package-lock.json (+44 -44)
📝 package.json (+1 -1)

📄 Description

Important

This is an automatic PR generated by Vercel to help you patch known vulnerabilities related to CVE-2025-55182 (React2Shell), CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. We can't guarantee the PR is comprehensive, and it may contain mistakes.

Not all projects are affected by all issues, but patched versions are required to ensure full remediation.

Vercel has deployed WAF mitigations globally to help protect your application, but upgrading remains required for complete protection.

This automated pull request updates your React, Next.js, and related Server Components packages to versions that fix all currently known React Server Components vulnerabilities, including the two newly discovered issues.

See our Security Bulletins for more information and reach out to security@vercel.com with any questions.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/run-llama/llama-slides/pull/1 **Author:** [@vercel[bot]](https://github.com/apps/vercel) **Created:** 12/16/2025 **Status:** ✅ Merged **Merged:** 12/16/2025 **Merged by:** [@logan-markewich](https://github.com/logan-markewich) **Base:** `main` ← **Head:** `vercel/react-server-components-cve-vu-tf3g64` --- ### 📝 Commits (1) - [`f14d40d`](https://github.com/run-llama/llama-slides/commit/f14d40d01bec55181de83ffe9c84a9f53cd98b45) Fix React Server Components CVE vulnerabilities ### 📊 Changes **2 files changed** (+45 additions, -45 deletions) <details> <summary>View changed files</summary> 📝 `package-lock.json` (+44 -44) 📝 `package.json` (+1 -1) </details> ### 📄 Description > [!IMPORTANT] > This is an automatic PR generated by Vercel to help you patch known vulnerabilities related to CVE-2025-55182 (React2Shell), CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. We can't guarantee the PR is comprehensive, and it may contain mistakes. Not all projects are affected by all issues, but **patched versions are required to ensure full remediation**. Vercel has deployed WAF mitigations globally to help protect your application, but upgrading remains required for complete protection. This automated pull request updates your React, Next.js, and related Server Components packages to versions that fix **all currently known React Server Components vulnerabilities**, including the two newly discovered issues. See our [Security Bulletins](https://vercel.com/kb/bulletin/) for more information and reach out to security@vercel.com with any questions. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-16 02:16:57 -05:00
yindo closed this issue 2026-02-16 02:16:57 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: run-llama/llama-slides#1