[React2Shell] How to mitigate in React Native
[!IMPORTANT] See this comment for the impact to React Native and steps to mitigate.
-@rickhanlonii
Description
A security vulnerability with React was disclosed (https://nvd.nist.gov/vuln/detail/CVE-2025-55182). While trying to upgrade a RN 0.81.5 old arch app to React version 19.1.2, an error is thrown from ReactNativeRenderer.
For 0.81.5, ReactNativeRenderer is expecting React version 19.1.0.
While React Native apps are not susceptible to the vulnerability, many apps live in monorepos with NextJS (or other RSC powered apps).
I'm wondering if there's a recommendation on how best to proceed? Would it be possible to release patch versions of React Native that increment the supported/expected React version?
Thank you!
Steps to reproduce
npx @react-native-community/cli init --version 0.81.5- Turn off new arch (i.e.
:new_arch_enabled => falseinPodfile) - Update React version in generated app's
package.jsonto19.1.2 npm run startnpm run ios- see errors:
console.js:661 Error: Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:
- react: 19.1.2
- react-native-renderer: 19.1.0
React Native Version
0.81.5, 0.82.1
Affected Platforms
Runtime - iOS, Runtime - Android
Output of npx @react-native-community/cli info
N/A
Stacktrace or Logs
console.js:661 Error: Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:
- react: 19.1.2
- react-native-renderer: 19.1.0
Learn more: https://react.dev/warnings/version-mismatch
at anonymous (ReactNativeRenderer-dev.js:16872:18)
at anonymous (ReactNativeRenderer-dev.js:17081:4)
at loadModuleImplementation (require.js:285:12)
at guardedLoadModule (require.js:190:36)
at metroRequire (require.js:98:24)
at anonymous (ReactNative.js:19:24)
at loadModuleImplementation (require.js:285:12)
at guardedLoadModule (require.js:183:45)
at metroRequire (require.js:98:24)
at renderElement (RendererImplementation.js:49:12)
at renderApplication (renderApplication.js:102:25)
at anonymous (AppRegistryImpl.js:89:22)
at runApplication (AppRegistryImpl.js:178:20)
at apply (native)
at __callFunction (MessageQueue.js:435:34)
at anonymous (MessageQueue.js:114:26)
at __guard (MessageQueue.js:369:11)
at callFunctionReturnFlushedQueue (MessageQueue.js:113:17)
anonymous @ console.js:661
overrideMethod @ backend.js:17416
reactConsoleErrorHandler @ ExceptionsManager.js:184
anonymous @ setUpDeveloperTools.js:42
reportException @ ExceptionsManager.js:108
handleException @ ExceptionsManager.js:173
handleError @ setUpErrorHandling.js:25
reportFatalError @ error-guard.js:49
guardedLoadModule @ require.js:185
metroRequire @ require.js:98
renderElement @ RendererImplementation.js:49
renderApplication @ renderApplication.js:102
anonymous @ AppRegistryImpl.js:89
runApplication @ AppRegistryImpl.js:178
__callFunction @ MessageQueue.js:435
anonymous @ MessageQueue.js:114
__guard @ MessageQueue.js:369
callFunctionReturnFlushedQueue @ MessageQueue.js:113
console.js:661 TypeError: Cannot read property 'default' of undefined
at renderElement (RendererImplementation.js:49:45)
at renderApplication (renderApplication.js:102:25)
at anonymous (AppRegistryImpl.js:89:22)
at runApplication (AppRegistryImpl.js:178:20)
at apply (native)
at __callFunction (MessageQueue.js:435:34)
at anonymous (MessageQueue.js:114:26)
at __guard (MessageQueue.js:369:11)
at callFunctionReturnFlushedQueue (MessageQueue.js:113:17)
anonymous @ console.js:661
overrideMethod @ backend.js:17416
reactConsoleErrorHandler @ ExceptionsManager.js:184
anonymous @ setUpDeveloperTools.js:42
reportException @ ExceptionsManager.js:108
handleException @ ExceptionsManager.js:173
handleError @ setUpErrorHandling.js:25
reportFatalError @ error-guard.js:49
__guard @ MessageQueue.js:371
callFunctionReturnFlushedQueue @ MessageQueue.js:113
MANDATORY Reproducer
N/A
Screenshots and Videos
[!WARNING] Missing reproducer: We could not detect a reproducible example in your issue report. Reproducers are mandatory and we can accept only one of those as a valid reproducer:
- For majority of bugs: send us a Pull Request with the RNTesterPlayground.js edited to reproduce your bug.
- If your bug is UI related: a Snack
- If your bug is build/upgrade related: a project using our Reproducer Template
You can read more about it on our website: How to report a bug.
more context here: Incompatible React version error after upgrading to patched React 19 release
The vulnerability only affects server components and not React native
True, but with a large pnpm monorepo hosting both web and native apps, mixing React versions isn't a viable option. The error persists because the native app and website require version alignment to function correctly within the shared workspace.
It can't be done with pnpm monorepo to have separate version for react for the app and for the website
I have the same problem, not because of a monorepo but because it has been flagged by a security team, so deployments are blocked until we guard against a critical security vulnerability. I know react-native isn't affected, but I think releasing an update with minor version bumps is warranted, it's the path of least resistance for a lot of people
For now I found a workaround by suppressing the error. The difference between react-native-renderer for react 16.1.0 and 16.1.2 seems to be minimal, but anyway I'm super anxious about shipping it to prod.
Hi @kowczarz, how did you suppress the error? I’m stuck because of this too
@RogierZeebregts I highly recommend extensive testing all flows in the app after the following change.
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js
index 9d66361..1586d11 100644
--- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js
+++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js
@@ -16868,7 +16868,7 @@ __DEV__ &&
shouldSuspendImpl = newShouldSuspendImpl;
};
var isomorphicReactPackageVersion = React.version;
- if ("19.1.0" !== isomorphicReactPackageVersion)
+ if ("19.1.2" !== isomorphicReactPackageVersion)
throw Error(
'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' +
(isomorphicReactPackageVersion +
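Review bot: the dev hunk edits only the `if ("19.1.0" !== isomorphicReactPackageVersion)` comparison, while the prod and profiling hunks of the same patch also change the `react-native-renderer: 19.1.0` text of the message. If the dev file carries that message string outside this hunk's context, update it as well or leave all three untouched, so that dev and release builds report the same renderer version.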
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js
index b3d1cfa..91e5b72 100644
--- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js
+++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js
@@ -10603,11 +10603,11 @@ function updateContainer(element, container, parentComponent, callback) {
return lane;
}
var isomorphicReactPackageVersion = React.version;
-if ("19.1.0" !== isomorphicReactPackageVersion)
+if ("19.1.2" !== isomorphicReactPackageVersion)
throw Error(
'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' +
(isomorphicReactPackageVersion +
- "\n - react-native-renderer: 19.1.0\nLearn more: https://react.dev/warnings/version-mismatch")
+ "\n - react-native-renderer: 19.1.2\nLearn more: https://react.dev/warnings/version-mismatch")
);
if (
"function" !==
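Review bot: on the added `"\n - react-native-renderer: 19.1.2..."` line the message now reports the renderer as 19.1.2 although the hunk changes nothing else in the bundle, so a later mismatch report would name a renderer version that was never built. Consider leaving the message string at 19.1.0 and changing only the comparison, or adding a comment above the `if` stating that this is the 19.1.0 bundle accepted against react 19.1.2.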
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js
index b317ca1..88f7f96 100644
--- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js
+++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js
@@ -11245,11 +11245,11 @@ function updateContainer(element, container, parentComponent, callback) {
return lane;
}
var isomorphicReactPackageVersion = React.version;
-if ("19.1.0" !== isomorphicReactPackageVersion)
+if ("19.1.2" !== isomorphicReactPackageVersion)
throw Error(
'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' +
(isomorphicReactPackageVersion +
- "\n - react-native-renderer: 19.1.0\nLearn more: https://react.dev/warnings/version-mismatch")
+ "\n - react-native-renderer: 19.1.2\nLearn more: https://react.dev/warnings/version-mismatch")
);
if (
"function" !==
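Review bot: the comparison on the `if ("19.1.2" !== isomorphicReactPackageVersion)` line is still an exact match against one hard-coded string, so the next react version installed in the workspace raises the same error and the patch has to be regenerated. Record next to the patch which react version it was made for, and remove it once React Native ships a renderer that matches.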
Applying the same patch @kowczarz suggested is the route we took - for now.
We're similarly concerned about a possible regression, but so far haven't found one.
We're unsure when we'd be able to remove the patch, though. Unless there's patch releases of RN 81/82, we'd have to wait for RN 83, which presumably would ship with a patched version of React.
I think requesting this to make our life easier for monorepo usage makes sense but just in case someone might be thinking react npm package is relevant for this vulnerability, it is not.
The official GitHub security advisory (https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r) says that only the following packages are affected:
- react-server-dom-parcel
- react-server-dom-turbopack
- react-server-dom-webpack
And the official blog for the announcement additionally mentions packages like Next.js since they have the equivalent code (copy-paste/vendoring) as the above react-server-* packages.
So if there is any security scanner which is flagging react npm package, it is simply a false positive so we should fix the scanner/detector instead also to avoid unnecessary confusion / fear. On the other hand, if you only update react package without upgrading next, the vulnerability is still there.
We can see that there is no diff between react@19.2.0 and react@19.2.1 by comparing the contents of https://registry.npmjs.org/react/-/react-19.2.0.tgz and https://registry.npmjs.org/react/-/react-19.2.1.tgz:
The result of `diff -u -r react-19.2.0 react-19.2.1` (we see there is no actual diff)
diff -u -r react-19.2.0/cjs/react.development.js react-19.2.1/cjs/react.development.js
--- react-19.2.0/cjs/react.development.js 1985-10-26 17:15:00
+++ react-19.2.1/cjs/react.development.js 1985-10-26 17:15:00
@@ -1276,7 +1276,7 @@
exports.useTransition = function () {
return resolveDispatcher().useTransition();
};
- exports.version = "19.2.0";
+ exports.version = "19.2.1";
"undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ &&
"function" ===
typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStop &&
diff -u -r react-19.2.0/cjs/react.production.js react-19.2.1/cjs/react.production.js
--- react-19.2.0/cjs/react.production.js 1985-10-26 17:15:00
+++ react-19.2.1/cjs/react.production.js 1985-10-26 17:15:00
@@ -539,4 +539,4 @@
exports.useTransition = function () {
return ReactSharedInternals.H.useTransition();
};
-exports.version = "19.2.0";
+exports.version = "19.2.1";
diff -u -r react-19.2.0/cjs/react.react-server.development.js react-19.2.1/cjs/react.react-server.development.js
--- react-19.2.0/cjs/react.react-server.development.js 1985-10-26 17:15:00
+++ react-19.2.1/cjs/react.react-server.development.js 1985-10-26 17:15:00
@@ -844,5 +844,5 @@
exports.useMemo = function (create, deps) {
return resolveDispatcher().useMemo(create, deps);
};
- exports.version = "19.2.0";
+ exports.version = "19.2.1";
})();
diff -u -r react-19.2.0/cjs/react.react-server.production.js react-19.2.1/cjs/react.react-server.production.js
--- react-19.2.0/cjs/react.react-server.production.js 1985-10-26 17:15:00
+++ react-19.2.1/cjs/react.react-server.production.js 1985-10-26 17:15:00
@@ -420,4 +420,4 @@
exports.useMemo = function (create, deps) {
return ReactSharedInternals.H.useMemo(create, deps);
};
-exports.version = "19.2.0";
+exports.version = "19.2.1";
diff -u -r react-19.2.0/package.json react-19.2.1/package.json
--- react-19.2.0/package.json 1985-10-26 17:15:00
+++ react-19.2.1/package.json 1985-10-26 17:15:00
@@ -4,7 +4,7 @@
"keywords": [
"react"
],
- "version": "19.2.0",
+ "version": "19.2.1",
"homepage": "https://react.dev/",
"bugs": "https://github.com/facebook/react/issues",
"license": "MIT",
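Review bot: the `"version"` line in this package.json hunk, like the `exports.version` lines in the four hunks before it, compares 19.2.0 with 19.2.1, while the renderer patch earlier in the thread moves from 19.1.0 to 19.1.2. Run the same `diff -u -r` on the 19.1.0 and 19.1.2 tarballs before relying on this result for the 19.1 line.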
@kowczarz Your patch seems to work just fine. Tested it thoroughly. Thanks
Hey all, sorry for the confusion.
React2Shell does not impact the react and react-dom packages, though we did bump them as part of our release process since the impacted packages are bumped in lockstep, and when possible you should just update them.
You can view the diff of these packages to verify that they only change the version strings:
For React Native users not using a monorepo or react-dom, your react version should be pinned in your package.json, and there are no additional steps needed. If it's not pinned, and you're not using react-dom in any way, you can pin the react version to prevent the mismatch warning.
Immediate Action Steps for React Native Monorepos
If you are using React Native in a monorepo, you should update the impacted packages if they are installed:
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
This is required to mitigate the security advisory, but you do not need to update react and react-dom so this will not cause the version mismatch error in React Native.
In the next version of React Native we will bump the React Native renderers to 19.2.1.
Thank you to @naruaway for providing the correct explanation above.
Going to keep this open, but please do not reply and bury the answer.
Feel free to open a new issue if you have questions.
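The triage described in the two comments above (act on `react-server-dom-*` and on frameworks that vendor it, treat a finding on `react` alone as a version-string bump), as an added example that is not part of the thread or of React's tooling. It assumes an npm `package-lock.json` with a v2/v3 `packages` map, uses a constructed sample lockfile, takes the affected versions from the list quoted later in this thread, and reads that list's "19.0" as 19.0.0.

```javascript
// Added example (not from the thread): triage a lockfile against the advisory.
// Names and versions are the ones quoted in this thread; "19.0" is read as
// 19.0.0, which is an assumption.
const AFFECTED_NAMES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);
const AFFECTED_VERSIONS = new Set(["19.0.0", "19.1.0", "19.1.1", "19.2.0"]);
// Bumped in lockstep; per the thread only their version strings changed.
const LOCKSTEP_ONLY = new Set(["react", "react-dom"]);
// Frameworks the thread says carry a vendored copy of the affected code.
const VENDORED = new Set(["next"]);

// "apps/web/node_modules/@scope/pkg" -> "@scope/pkg"; workspace roots -> null.
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

function verdictFor(name, version) {
  if (AFFECTED_NAMES.has(name)) {
    // "not-listed" means only that the version is absent from the list above.
    return AFFECTED_VERSIONS.has(version) ? "vulnerable" : "not-listed";
  }
  if (VENDORED.has(name)) return "check-framework-advisory";
  if (LOCKSTEP_ONLY.has(name)) return "not-affected";
  return null; // package is irrelevant to this advisory
}

// lock: parsed package-lock.json (v2/v3), whose "packages" map is keyed by path.
function triageLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    if (!name || !meta || typeof meta.version !== "string") continue;
    const verdict = verdictFor(name, meta.version);
    if (verdict) findings.push({ path, name, version: meta.version, verdict });
  }
  return findings;
}

// Only these need an upgrade or a follow-up; a bare "react" hit is noise.
function needsAction(findings) {
  return findings.filter(
    (f) => f.verdict === "vulnerable" || f.verdict === "check-framework-advisory"
  );
}

// Constructed sample lockfile for a monorepo with a web app and a native app.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "monorepo", workspaces: ["apps/*"] },
    "apps/mobile": { name: "mobile", version: "1.0.0" },
    "node_modules/react": { version: "19.1.0" },
    "node_modules/react-native": { version: "0.81.5" },
    "apps/web/node_modules/react-server-dom-webpack": { version: "19.1.1" },
    "node_modules/react-server-dom-parcel": { version: "19.1.2" },
    "node_modules/next": { version: "0.0.0-placeholder" },
  },
};

for (const f of needsAction(triageLockfile(SAMPLE_LOCK))) {
  console.log(`${f.verdict}: ${f.name}@${f.version} (${f.path})`);
}
```

On the sample, `react` at 19.1.0 is reported as not affected and stays pinned for the native app, while the web app's `react-server-dom-webpack` at 19.1.1 is the entry that needs the upgrade.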
So, if I'm reading this right: if currently we're using [email protected] with [email protected], the best solution is to update react to 19.1.2 and apply the patches that @kowczarz had kindly provided to us? @rickhanlonii
Please read my comment above.
@rickhanlonii Sorry I'm not quite sure what you mean, can you further explain your comment? Because I believe it is not possible to only update react-server-dom-webpack because this package has a peer package requirement of react@^19.1.2. (which I might have missed that you said "we don't need to update react" when writing previous comment). And bumping react-native is also not possible because we're using expo as well.
https://github.com/facebook/react/blob/ede384013798e44926b8540491a7e2e65d8d1915/packages/react-server-dom-webpack/package.json#L103
What did I miss?
Edit: I'm seeing a bit of discussion on expo side, and the conclusion seemed to be "update if possible, otherwise ignore it because it doesn't affect expo.". If monorepo structure is used, then enable autolink in expo experimental flags
@RogierZeebregts I highly recommend extensive testing all flows in the app after the following change.
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js index 9d66361..1586d11 100644 --- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js +++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js @@ -16868,7 +16868,7 @@ DEV && shouldSuspendImpl = newShouldSuspendImpl; }; var isomorphicReactPackageVersion = React.version;
- if ("19.1.0" !== isomorphicReactPackageVersion)
- if ("19.1.2" !== isomorphicReactPackageVersion) throw Error( 'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' + (isomorphicReactPackageVersion + diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js index b3d1cfa..91e5b72 100644 --- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js +++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js @@ -10603,11 +10603,11 @@ function updateContainer(element, container, parentComponent, callback) { return lane; } var isomorphicReactPackageVersion = React.version; -if ("19.1.0" !== isomorphicReactPackageVersion) +if ("19.1.2" !== isomorphicReactPackageVersion) throw Error( 'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' + (isomorphicReactPackageVersion +
"\n - react-native-renderer: 19.1.0\nLearn more: https://react.dev/warnings/version-mismatch")
); if ( "function" !== diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js index b317ca1..88f7f96 100644 --- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js +++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js @@ -11245,11 +11245,11 @@ function updateContainer(element, container, parentComponent, callback) { return lane; } var isomorphicReactPackageVersion = React.version; -if ("19.1.0" !== isomorphicReactPackageVersion) +if ("19.1.2" !== isomorphicReactPackageVersion) throw Error( 'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' + (isomorphicReactPackageVersion +"\n - react-native-renderer: 19.1.2\nLearn more: https://react.dev/warnings/version-mismatch")
"\n - react-native-renderer: 19.1.0\nLearn more: https://react.dev/warnings/version-mismatch")
); if ( "function" !=="\n - react-native-renderer: 19.1.2\nLearn more: https://react.dev/warnings/version-mismatch")
After this post you should patch with 19.1.4
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js
index 9d66361..5002baf 100644
--- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js
+++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-dev.js
@@ -16868,7 +16868,7 @@ __DEV__ &&
shouldSuspendImpl = newShouldSuspendImpl;
};
var isomorphicReactPackageVersion = React.version;
- if ("19.1.0" !== isomorphicReactPackageVersion)
+ if ("19.1.4" !== isomorphicReactPackageVersion)
throw Error(
'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' +
(isomorphicReactPackageVersion +
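Review bot: the removed line here is still `if ("19.1.0" !== isomorphicReactPackageVersion)` and the index line starts from the same `9d66361` blob as the earlier 19.1.2 patch, so this patch applies to an unmodified renderer and not on top of the earlier one. Anyone who already applied the 19.1.2 patch should drop it and regenerate from a clean install instead of stacking the two.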
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js
index b3d1cfa..4b4a4ca 100644
--- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js
+++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-prod.js
@@ -10603,11 +10603,11 @@ function updateContainer(element, container, parentComponent, callback) {
return lane;
}
var isomorphicReactPackageVersion = React.version;
-if ("19.1.0" !== isomorphicReactPackageVersion)
+if ("19.1.4" !== isomorphicReactPackageVersion)
throw Error(
'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' +
(isomorphicReactPackageVersion +
- "\n - react-native-renderer: 19.1.0\nLearn more: https://react.dev/warnings/version-mismatch")
+ "\n - react-native-renderer: 19.1.4\nLearn more: https://react.dev/warnings/version-mismatch")
);
if (
"function" !==
diff --git a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js
index b317ca1..0e6531e 100644
--- a/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js
+++ b/node_modules/react-native/Libraries/Renderer/implementations/ReactNativeRenderer-profiling.js
@@ -11245,11 +11245,11 @@ function updateContainer(element, container, parentComponent, callback) {
return lane;
}
var isomorphicReactPackageVersion = React.version;
-if ("19.1.0" !== isomorphicReactPackageVersion)
+if ("19.1.4" !== isomorphicReactPackageVersion)
throw Error(
'Incompatible React versions: The "react" and "react-native-renderer" packages must have the exact same version. Instead got:\n - react: ' +
(isomorphicReactPackageVersion +
- "\n - react-native-renderer: 19.1.0\nLearn more: https://react.dev/warnings/version-mismatch")
+ "\n - react-native-renderer: 19.1.4\nLearn more: https://react.dev/warnings/version-mismatch")
);
if (
"function" !==
diff --git a/node_modules/react-native/scripts/.packager.env b/node_modules/react-native/scripts/.packager.env
new file mode 100644
index 0000000..361f5fb
--- /dev/null
+++ b/node_modules/react-native/scripts/.packager.env
@@ -0,0 +1 @@
+export RCT_METRO_PORT=8081
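Review bot: the new file `scripts/.packager.env` with `export RCT_METRO_PORT=8081` is unrelated to the version check in the three renderer files and looks like a locally generated file swept into the patch. Remove it from the patch so the change stays limited to the renderer bundles.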
https://www.securityweek.com/react2shell-in-the-wild-exploitation-expected-for-critical-react-vulnerability/ My app has the following version. react: 19.0.0, react-native:0.79.2, @react-native-community/cli:20.0.0 Will this vulnerability impact my app? I need to upgrade React or not?
You can read the post:
The vulnerability is present in versions 19.0, 19.1.0, 19.1.1, and 19.2.0 of:
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
Thanks for your reply.
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
I am not using the above npm packages in my app. So, this vulnerability does not impact my app, right?