Skip to content

fix: upgrade react-server-dom-webpack to fix security vulnerability #7976

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
caohuilin merged 1 commit into from
Dec 8, 2025
Merged

fix: upgrade react-server-dom-webpack to fix security vulnerability #7976

caohuilin merged 1 commit into from
Dec 8, 2025

Conversation

@yimingjfe
Copy link
Member

@yimingjfe yimingjfe commented Dec 5, 2025

Summary

This PR upgrades react-server-dom-webpack to fix a critical security vulnerability (CVE-2025-55182) #7970

Related Links

Checklist

  • I have added changeset via pnpm run change.
  • I have updated the documentation.
  • I have added tests to cover my changes.

@changeset-bot
Copy link

changeset-bot bot commented Dec 5, 2025

⚠️ No Changeset found

Latest commit: 0e6539b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@netlify
Copy link

netlify bot commented Dec 5, 2025
edited
Loading

Deploy Preview for modernjs-byted ready!

Name Link
🔨 Latest commit 0e6539b
🔍 Latest deploy log https://app.netlify.com/projects/modernjs-byted/deploys/6932aaffc1361c0008f0dd70
😎 Deploy Preview https://deploy-preview-7976--modernjs-byted.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 79 (🔴 down 20 from production)
Accessibility: 90 (no change from production)
Best Practices: 100 (no change from production)
SEO: 91 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@micahgodbolt
Copy link

micahgodbolt commented Dec 6, 2025

Is there an estimate for when this PR will be merged and published? We'd like to know if we can rely on this change happening soon or take other measure to patch the bundled dependency.

@caohuilin caohuilin merged commit bc4619b into web-infra-dev:v2 Dec 8, 2025
12 checks passed
@github-actions github-actions bot mentioned this pull request Dec 8, 2025
Merged
1 task
@yimingjfe
Copy link
Member Author

yimingjfe commented Dec 8, 2025
edited
Loading

Is there an estimate for when this PR will be merged and published? We'd like to know if we can rely on this change happening soon or take other measure to patch the bundled dependency.

Hi, we have released it, you can use version 2.69.3, and this issue will not affect any Modern.js repositories,because only RSC projects will be affected by this issue, Modern.js has not release RSC feature.

@micahgodbolt micahgodbolt mentioned this pull request Dec 8, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@caohuilin caohuilin caohuilin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yimingjfe @micahgodbolt @caohuilin