# Security Update - 2025-12-08

Addressed critical and moderate vulnerabilities including CVE-2025-55182, CVE-2025-66478 (React2Shell), and others affecting nodemailer and markdown processing.

## Updates
- **Next.js**: Updated to `15.5.7` (Patched version for 15.5.x branch)
- **React**: Updated to `19.0.1` (Patched version)
- **React DOM**: Updated to `19.0.1` (Patched version)
- **ESLint Config Next**: Updated to `15.5.7`
- **Nodemailer**: Updated to `7.0.11` (Fixes GHSA-mm7p-fcc7-pg87, GHSA-rcmh-qjqh-p98v)
- **Nodemailer Mock**: Updated to `2.0.9` (Compatibility update)
- **React Markdown**: Updated to `Latest` (Fixes `mdast-util-to-hast` vulnerability)
- **Gray Matter/JS-YAML**: Resolved `js-yaml` vulnerability via dependency updates.

## Verification
- `npm run build` passed successfully.
- `npm audit` reports **0 vulnerabilities**.
- Application logic verified via partial test suite execution (known pre-existing test environment issues noted).

## Advisory References
- BITS-H Nr. 2025-304569-1132 (React/Next.js)
- GHSA-mm7p-fcc7-pg87 (Nodemailer)
- GHSA-rcmh-qjqh-p98v (Nodemailer)