Upgrade react-dom to 18.3.1 and patch Next.js DoS vulnerabilities#21
Conversation
Review or Edit in CodeSandboxOpen the branch in Web Editor • VS Code • Insiders |
|
Important Review skippedBot user detected. To trigger a single review, invoke the You can disable this status message by setting the Comment |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Co-authored-by: Abuchtela <84213452+Abuchtela@users.noreply.github.com>
Co-authored-by: Abuchtela <84213452+Abuchtela@users.noreply.github.com>
Upgrades
react-domfrom 18.2.0 to 18.3.1 per requirements. Also addresses critical Denial of Service vulnerabilities in Next.js discovered during dependency resolution.Changes
Security Impact
Next.js 14.2.26 contains multiple unpatched DoS vulnerabilities affecting Server Components. Version 14.2.35 resolves all known issues in the 14.2.x branch. All upgraded packages verified against GitHub Advisory Database.
Notes
The @next/swc packages remain at 14.2.33 as specified by Next.js 14.2.35's optionalDependencies - this is intentional and correct per the Next.js package manifest.
Warning
Firewall rules blocked me from connecting to one or more addresses (expand for details)
I tried to connect to the following addresses, but was blocked by firewall rules:
fonts.googleapis.com/usr/local/bin/node /usr/local/bin/node /home/REDACTED/work/ecosystem-contributions/ecosystem-contributions/node_modules/.pnpm/next@14.2.26_react-dom@18.3.1_react@18.3.1__react@18.3.1/node_modules/next/dist/compiled/jest-worker/processChild.js(dns block)If you need me to access, download, or install something from one of these locations, you can either:
Original prompt
This pull request was created from Copilot chat.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.