swc-project
Fix React Server Components CVE vulnerabilities
[!IMPORTANT] This is an automatic PR generated by Vercel to help you patch known vulnerabilities related to CVE-2025-55182 (React2Shell), CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. We can't guarantee the PR is comprehensive, and it may contain mistakes.
Not all projects are affected by all issues, but patched versions are required to ensure full remediation.
Vercel has deployed WAF mitigations globally to help protect your application, but upgrading remains required for complete protection.
This automated pull request updates your React, Next.js, and related Server Components packages to versions that fix all currently known React Server Components vulnerabilities, including the two newly discovered issues.
See our Security Bulletins for more information and reach out to [email protected] with any questions.
Fixes VULN-3429
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
The latest updates on your projects. Learn more about Vercel for GitHub.
| Project | Deployment | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| plugins |  Ready |
Preview | Comment | Dec 12, 2025 3:38am |
| website | Ready |
Preview | Comment | Dec 12, 2025 3:38am |
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
| Diff | Package | Supply Chain Security |
Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
 | next@15.4.8 ⏵ 15.4.10 |  +11 |  +18 |  +1 |  +1 |  |
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}