From 27dd401b5df13bc70b0b23ef5012a3dfcf90539a Mon Sep 17 00:00:00 2001
From: Vercel <vercel[bot]@users.noreply.github.com>
Date: Sat, 4 Apr 2026 18:08:30 +0000
Subject: [PATCH] Fix React Server Components CVE vulnerabilities

Updated dependencies to fix Next.js and React CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.

Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
---
 package-lock.json | 17 ++++++++---------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 21e7ffa..f3e4922 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -24,7 +24,7 @@
         "clsx": "^2.1.1",
         "date-fns": "^3.6.0",
         "lucide-react": "^0.453.0",
-        "next": "^15.0.5",
+        "next": "15.0.7",
         "react": "^18.3.1",
         "react-dom": "^18.3.1",
         "recharts": "^2.12.7",
@@ -504,9 +504,9 @@
       }
     },
     "node_modules/@next/env": {
-      "version": "15.0.5",
-      "resolved": "https://registry.npmjs.org/@next/env/-/env-15.0.5.tgz",
-      "integrity": "sha512-rDeqk/QF6OxTSvQItPdtyR0O4QN5L2a794F4+i8/syHN92DqFXcLNhZgLtYhW3rrJ23vRR7B5wIamsgGM4I6UQ==",
+      "version": "15.0.7",
+      "resolved": "https://registry.npmjs.org/@next/env/-/env-15.0.7.tgz",
+      "integrity": "sha512-g/v9G2Xmv9T6w/DcRdcdVkLuAHnGt5fcJ3C33PmPrrdtUrwrjXcT4jXasdedSbw+koXa4YeEA3nPgy6q2wmk2A==",
       "license": "MIT"
     },
     "node_modules/@next/swc-darwin-arm64": {
@@ -3303,13 +3303,12 @@
       }
     },
     "node_modules/next": {
-      "version": "15.0.5",
-      "resolved": "https://registry.npmjs.org/next/-/next-15.0.5.tgz",
-      "integrity": "sha512-WTh/Rmxkn4J4vwSYiqEZGzoxjid83iCyN0qg7oJFKzHjYCzy5mwBRqWVlFotM9nAnxGGv5MzbMa4gMu88qeGLA==",
-      "deprecated": "This version has a security vulnerability. Please upgrade to a patched version. See https://nextjs.org/blog/security-update-2025-12-11 for more details.",
+      "version": "15.0.7",
+      "resolved": "https://registry.npmjs.org/next/-/next-15.0.7.tgz",
+      "integrity": "sha512-Vl6fLEuOP1MgtEmDrY51BQr6Bl8oC8vDSHdA10xZWPPZa6e+dOwYNDLWHjvTktNLZkKYySpsW3Yzy4Lo+JORkw==",
       "license": "MIT",
       "dependencies": {
-        "@next/env": "15.0.5",
+        "@next/env": "15.0.7",
         "@swc/counter": "0.1.3",
         "@swc/helpers": "0.5.13",
         "busboy": "1.6.0",
diff --git a/package.json b/package.json
index 48f6691..5fab092 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
     "clsx": "^2.1.1",
     "date-fns": "^3.6.0",
     "lucide-react": "^0.453.0",
-    "next": "^15.0.5",
+    "next": "15.0.7",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "recharts": "^2.12.7",