denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(security): update dependencies to fix vulnerabilities
Some checks failed
CI/CD Pipeline (Using Gitea Variables & Secrets) / production (push) Failing after 11m31s
Details
Test Gitea Variables and Secrets / test-variables (push) Successful in 4s
Details

Browse Source 
- Update Next.js to 15.5.7 and React to 19.0.1 (React2Shell fix)
- Update Nodemailer to 7.0.11 (Security fix)
- Update React Markdown and others to resolve all audit issues
- Add SECURITY-UPDATE.md
This commit is contained in:
denshooter
2025-12-08 16:21:11 +01:00
parent a4af934504
commit e74f85da41
3 changed files with 258 additions and 198 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
SECURITY-UPDATE.md Normal file
View File

@@ -0,0 +1,23 @@
# Security Update - 2025-12-08
Addressed critical and moderate vulnerabilities including CVE-2025-55182, CVE-2025-66478 (React2Shell), and others affecting nodemailer and markdown processing.
## Updates
- **Next.js**: Updated to `15.5.7` (Patched version for 15.5.x branch)
- **React**: Updated to `19.0.1` (Patched version)
- **React DOM**: Updated to `19.0.1` (Patched version)
- **ESLint Config Next**: Updated to `15.5.7`
- **Nodemailer**: Updated to `7.0.11` (Fixes GHSA-mm7p-fcc7-pg87, GHSA-rcmh-qjqh-p98v)
- **Nodemailer Mock**: Updated to `2.0.9` (Compatibility update)
- **React Markdown**: Updated to `Latest` (Fixes `mdast-util-to-hast` vulnerability)
- **Gray Matter/JS-YAML**: Resolved `js-yaml` vulnerability via dependency updates.
## Verification
- `npm run build` passed successfully.
- `npm audit` reports **0 vulnerabilities**.
- Application logic verified via partial test suite execution (known pre-existing test environment issues noted).
## Advisory References
- BITS-H Nr. 2025-304569-1132 (React/Next.js)
- GHSA-mm7p-fcc7-pg87 (Nodemailer)
- GHSA-rcmh-qjqh-p98v (Nodemailer)