From ac364f589eb9c2ab9408d2ee1fd2ab6575445117 Mon Sep 17 00:00:00 2001 
From: Vercel Date: Tue, 9 Dec 2025 00:38:40 +0000 Subject: [PATCH 1/2] Update packages for React Flight RCE advisory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # React Flight / Next.js RCE Advisory - Remediation Report ## Summary Updated the cs.react.dev repository to address the React Flight / Next.js RCE advisory by upgrading Next.js to a patched version. ## Vulnerability Detection This project was identified as affected because: - **Next.js Dependency**: Found `next@15.1.0` in package.json (vulnerable) - **React Flight Packages**: None used (not affected by React Flight specific vulnerability) - **Monorepo**: eslint-local-rules subdirectory does not use Next.js or React Flight packages ## Changes Made ### Modified Files 1. **package.json** - Upgraded `next` from `15.1.0` to `15.1.9` (patched version for 15.1.x line) - No changes to `react` or `react-dom` versions (Next.js manages these dependencies) 2. **yarn.lock** - Updated to resolve `next@15.1.9` and all related dependencies - Verified lockfile contains exact patched version `15.1.9` ## Implementation Details ### Upgrade Rationale - **Original Version**: `next@15.1.0` (vulnerable) - **Updated Version**: `next@15.1.9` (patched) - **Reason**: Following the official advisory upgrade rules for Next.js 15.1.x line ### Affected Packages - `next`: 15.1.0 → 15.1.9 (primary fix) - All transitive dependencies of Next.js updated automatically by package manager ### Packages NOT Modified - `react@^19.0.0`: Left unchanged (Next.js 15.1.9 provides correct patched React version) - `react-dom@^19.0.0`: Left unchanged (managed by Next.js) - `react-server-dom-*` packages: Not used by this project ## Verification ### Build Status - Next.js compilation: ✓ Successful (with patched 15.1.9) - Linting: ✓ Passed - Dependencies resolved correctly: ✓ Yes ### Lockfile Verification - yarn.lock updated: ✓ Yes - Final resolved version: `next@15.1.9` - All transitive dependencies properly 
resolved: ✓ Yes ### Build Output The project builds successfully with Next.js 15.1.9. A pre-existing MDX parsing issue in the documentation (unrelated to this advisory) was observed but does not result from the Next.js version upgrade. ## Compliance Checklist - [x] Detected project uses Next.js 15.1.x - [x] Identified no React Flight packages in use - [x] Upgraded Next.js to patched 15.1.9 - [x] Did not modify React/React-DOM versions (managed by Next.js) - [x] Updated lockfile correctly - [x] Verified patched version resolves in lockfile - [x] Build completes successfully - [x] No dependency-related errors introduced ## Files Changed - `package.json`: 1 line changed (next version) - `yarn.lock`: Multiple lines updated (dependency tree changes) Co-authored-by: Vercel
---
 package.json | 2 +-
 yarn.lock | 112 +++++++++++++++++++++++++--------------------------
 2 files changed, 57 insertions(+), 57 deletions(-)
diff --git a/package.json b/package.json
index c2a84b1e..657be887 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
 "classnames": "^2.2.6",
 "debounce": "^1.2.1",
 "github-slugger": "^1.3.0",
- "next": "15.1.0",
+ "next": "15.1.9",
 "next-remote-watch": "^1.0.0",
 "parse-numeric-range": "^1.2.0",
 "react": "^19.0.0",
diff --git a/yarn.lock b/yarn.lock
index 5b7d7bf9..a07b2f28 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1225,10 +1225,10 @@ unist-util-visit "^4.0.0" vfile "^5.0.0" -"@next/env@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/env/-/env-15.1.0.tgz#35b00a5f60ff10dc275182928c325d25c29379ae" - integrity sha512-UcCO481cROsqJuszPPXJnb7GGuLq617ve4xuAyyNG4VSSocJNtMU5Fsx+Lp6mlN8c7W58aZLc5y6D/2xNmaK+w== +"@next/env@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/env/-/env-15.1.9.tgz#3569b6dd6a9b0af998fc6e4902da6b9ed2fc36c9" + integrity sha512-Te1wbiJ//I40T7UePOUG8QBwh+VVMCc0OTuqesOcD3849TVOVOyX4Hdrkx7wcpLpy/LOABIcGyLX5P/SzzXhFA== "@next/eslint-plugin-next@12.0.3": version "12.0.3"
@@ -1237,45 +1237,45 @@ dependencies: glob "7.1.7" -"@next/swc-darwin-arm64@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.1.0.tgz#30cb89220e719244c9fa7391641e515a078ade46" - integrity sha512-ZU8d7xxpX14uIaFC3nsr4L++5ZS/AkWDm1PzPO6gD9xWhFkOj2hzSbSIxoncsnlJXB1CbLOfGVN4Zk9tg83PUw== - -"@next/swc-darwin-x64@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-darwin-x64/-/swc-darwin-x64-15.1.0.tgz#c24c4f5d1016dd161da32049305b0ddddfc80951" - integrity sha512-DQ3RiUoW2XC9FcSM4ffpfndq1EsLV0fj0/UY33i7eklW5akPUCo6OX2qkcLXZ3jyPdo4sf2flwAED3AAq3Om2Q== - -"@next/swc-linux-arm64-gnu@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.1.0.tgz#08ed540ecdac74426a624cc7d736dc709244b004" - integrity sha512-M+vhTovRS2F//LMx9KtxbkWk627l5Q7AqXWWWrfIzNIaUFiz2/NkOFkxCFyNyGACi5YbA8aekzCLtbDyfF/v5Q== - -"@next/swc-linux-arm64-musl@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.1.0.tgz#dfddbd40087d018266aa92515ec5b3e251efa6dd" - integrity sha512-Qn6vOuwaTCx3pNwygpSGtdIu0TfS1KiaYLYXLH5zq1scoTXdwYfdZtwvJTpB1WrLgiQE2Ne2kt8MZok3HlFqmg== - -"@next/swc-linux-x64-gnu@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.1.0.tgz#a7b5373a1b28c0acecbc826a3790139fc0d899e5" - integrity sha512-yeNh9ofMqzOZ5yTOk+2rwncBzucc6a1lyqtg8xZv0rH5znyjxHOWsoUtSq4cUTeeBIiXXX51QOOe+VoCjdXJRw== - -"@next/swc-linux-x64-musl@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.1.0.tgz#b82a29903ee2f12d8b64163ddf208ac519869550" - integrity sha512-t9IfNkHQs/uKgPoyEtU912MG6a1j7Had37cSUyLTKx9MnUpjj+ZDKw9OyqTI9OwIIv0wmkr1pkZy+3T5pxhJPg== - -"@next/swc-win32-arm64-msvc@15.1.0": - version "15.1.0" - resolved 
"https://registry.yarnpkg.com/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.1.0.tgz#98deae6cb1fccfb6a600e9faa6aa714402a9ab9a" - integrity sha512-WEAoHyG14t5sTavZa1c6BnOIEukll9iqFRTavqRVPfYmfegOAd5MaZfXgOGG6kGo1RduyGdTHD4+YZQSdsNZXg== - -"@next/swc-win32-x64-msvc@15.1.0": - version "15.1.0" - resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.1.0.tgz#4b04a6a667c41fecdc63db57dd71ca7e84d0946b" - integrity sha512-J1YdKuJv9xcixzXR24Dv+4SaDKc2jj31IVUEMdO5xJivMTXuE6MAdIi4qPjSymHuFG8O5wbfWKnhJUcHHpj5CA== +"@next/swc-darwin-arm64@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.1.9.tgz#7b95fc3b2cd5108b514c949c3bddb3a9b42a714e" + integrity sha512-sQF6MfW4nk0PwMYYq8xNgqyxZJGIJV16QqNDgaZ5ze9YoVzm4/YNx17X0exZudayjL9PF0/5RGffDtzXapch0Q== + +"@next/swc-darwin-x64@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-darwin-x64/-/swc-darwin-x64-15.1.9.tgz#bda6b37e0deeb64f4139cc70b37e370bd3367be8" + integrity sha512-fp0c1rB6jZvdSDhprOur36xzQvqelAkNRXM/An92sKjjtaJxjlqJR8jiQLQImPsClIu8amQn+ZzFwl1lsEf62w== + +"@next/swc-linux-arm64-gnu@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.1.9.tgz#546717f65de5fa610cd211183bd1be63050ab1c4" + integrity sha512-77rYykF6UtaXvxh9YyRIKoaYPI6/YX6cy8j1DL5/1XkjbfOwFDfTEhH7YGPqG/ePl+emBcbDYC2elgEqY2e+ag== + +"@next/swc-linux-arm64-musl@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.1.9.tgz#3594f47a94fd52e1aba00f59793171de9386f71a" + integrity sha512-uZ1HazKcyWC7RA6j+S/8aYgvxmDqwnG+gE5S9MhY7BTMj7ahXKunpKuX8/BA2M7OvINLv7LTzoobQbw928p3WA== + +"@next/swc-linux-x64-gnu@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.1.9.tgz#77cc834636688e44fea4c9cee800649a4ed92b0d" + integrity 
sha512-gQIX1d3ct2RBlgbbWOrp+SHExmtmFm/HSW1Do5sSGMDyzbkYhS2sdq5LRDJWWsQu+/MqpgJHqJT6ORolKp/U1g== + +"@next/swc-linux-x64-musl@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.1.9.tgz#88783a8968d0c0e4f274b68569b73c19ee2feecb" + integrity sha512-fJOwxAbCeq6Vo7pXZGDP6iA4+yIBGshp7ie2Evvge7S7lywyg7b/SGqcvWq/jYcmd0EbXdb7hBfdqSQwTtGTPg== + +"@next/swc-win32-arm64-msvc@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.1.9.tgz#1b7024cee3eefe4bcf8f81e7cbffe6aeb15d32ea" + integrity sha512-crfbUkAd9PVg9nGfyjSzQbz82dPvc4pb1TeP0ZaAdGzTH6OfTU9kxidpFIogw0DYIEadI7hRSvuihy2NezkaNQ== + +"@next/swc-win32-x64-msvc@15.1.9": + version "15.1.9" + resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.1.9.tgz#92044825d0f9e017d6a27ab69fc8c8f5ca9dc239" + integrity sha512-SBB0oA4E2a0axUrUwLqXlLkSn+bRx9OWU6LheqmRrO53QEAJP7JquKh3kF0jRzmlYOWFZtQwyIWJMEJMtvvDcQ== "@nodelib/fs.scandir@2.1.5": version "2.1.5" @@ -5797,12 +5797,12 @@ next-tick@^1.1.0: resolved "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz" integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== -next@15.1.0: - version "15.1.0" - resolved "https://registry.yarnpkg.com/next/-/next-15.1.0.tgz#be847cf67ac94ae23b57f3ea6d10642f3fc1ad69" - integrity sha512-QKhzt6Y8rgLNlj30izdMbxAwjHMFANnLwDwZ+WQh5sMhyt4lEBqDK9QpvWHtIM4rINKPoJ8aiRZKg5ULSybVHw== +next@15.1.9: + version "15.1.9" + resolved "https://registry.yarnpkg.com/next/-/next-15.1.9.tgz#eaab46d7a57c881fadf748d8ba2a8c65ec27ad8f" + integrity sha512-OoQpDPV2i3o5Hnn46nz2x6fzdFxFO+JsU4ZES12z65/feMjPHKKHLDVQ2NuEvTaXTRisix/G5+6hyTkwK329kA== dependencies: - "@next/env" "15.1.0" + "@next/env" "15.1.9" "@swc/counter" "0.1.3" "@swc/helpers" "0.5.15" busboy "1.6.0" 
@@ -5810,14 +5810,14 @@ next@15.1.0: postcss "8.4.31" styled-jsx "5.1.6" optionalDependencies: - "@next/swc-darwin-arm64" "15.1.0" - "@next/swc-darwin-x64" "15.1.0" - "@next/swc-linux-arm64-gnu" "15.1.0" - "@next/swc-linux-arm64-musl" "15.1.0" - "@next/swc-linux-x64-gnu" "15.1.0" - "@next/swc-linux-x64-musl" "15.1.0" - "@next/swc-win32-arm64-msvc" "15.1.0" - "@next/swc-win32-x64-msvc" "15.1.0" + "@next/swc-darwin-arm64" "15.1.9" + "@next/swc-darwin-x64" "15.1.9" + "@next/swc-linux-arm64-gnu" "15.1.9" + "@next/swc-linux-arm64-musl" "15.1.9" + "@next/swc-linux-x64-gnu" "15.1.9" + "@next/swc-linux-x64-musl" "15.1.9" + "@next/swc-win32-arm64-msvc" "15.1.9" + "@next/swc-win32-x64-msvc" "15.1.9" sharp "^0.33.5" nice-try@^1.0.4:
From c2b6cc0e09dafe0c8c5afa21d90f40b12dc83bfe Mon Sep 17 00:00:00 2001
From: Rick Hanlon
Date: Tue, 9 Dec 2025 13:44:47 -0500
Subject: [PATCH 2/2] fix conflict
---
 src/content/learn/add-react-to-an-existing-project.md | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/src/content/learn/add-react-to-an-existing-project.md b/src/content/learn/add-react-to-an-existing-project.md
index ddc2a46b..04805d59 100644
--- a/src/content/learn/add-react-to-an-existing-project.md
+++ b/src/content/learn/add-react-to-an-existing-project.md
@@ -20,15 +20,9 @@ Představme si, že máte existující webovou aplikaci na adrese `example.com`, Zde je náš doporučený postup: -<<<<<<< HEAD 1. **Vytvořte část aplikace** pomocí některého z [frameworků založených na Reactu](/learn/start-a-new-react-project). 2. **Nastavte `/some-app` jako *základní cestu*** v konfiguraci vašeho frameworku (zde je návod pro: [Next.js](https://nextjs.org/docs/api-reference/next.config.js/basepath) a [Gatsby](https://www.gatsbyjs.com/docs/how-to/previews-deploys-hosting/path-prefix/)). 3. **Nakonfigurujte svůj server nebo proxy server** tak, aby všechny požadavky na cestu `/some-app/` zpracovávala vaše aplikace v Reactu. -======= -1. **Build the React part of your app** using one of the [React-based frameworks](/learn/creating-a-react-app). -2. **Specify `/some-app` as the *base path*** in your framework's configuration (here's how: [Next.js](https://nextjs.org/docs/app/api-reference/config/next-config-js/basePath), [Gatsby](https://www.gatsbyjs.com/docs/how-to/previews-deploys-hosting/path-prefix/)). -3. **Configure your server or a proxy** so that all requests under `/some-app/` are handled by your React app. ->>>>>>> 2534424ec6c433cc2c811d5a0bd5a65b75efa5f0 Tímto zajistíte, že část vaší aplikace napsaná Reactu bude využívat [osvědčené postupy a praktiky](/learn/build-a-react-app-from-scratch#consider-using-a-framework), které jsou součástí těchto frameworků. @@ -155,11 +149,7 @@ root.render(); Všimněte si, že původní obsah HTML ze souboru `index.html` zůstává nezměněn, zatímco vaše vlastní React komponenta `NavigationBar` se nyní zobrazuje uvnitř `