denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
884d7f984b5c5046c5ae5e668dac8182c4f54f54
portfolio/SECURITY-UPDATE.md
denshooter e74f85da41
Some checks failed
CI/CD Pipeline (Using Gitea Variables & Secrets) / production (push) Failing after 11m31s
Details
Test Gitea Variables and Secrets / test-variables (push) Successful in 4s
Details
chore(security): update dependencies to fix vulnerabilities 
- Update Next.js to 15.5.7 and React to 19.0.1 (React2Shell fix)
- Update Nodemailer to 7.0.11 (Security fix)
- Update React Markdown and others to resolve all audit issues
- Add SECURITY-UPDATE.md
2025-12-08 16:21:11 +01:00

24 lines
1.1 KiB
Markdown
Raw Blame History

# Security Update - 2025-12-08
Addressed critical and moderate vulnerabilities including CVE-2025-55182, CVE-2025-66478 (React2Shell), and others affecting nodemailer and markdown processing.
## Updates
- **Next.js**: Updated to `15.5.7` (Patched version for 15.5.x branch)
- **React**: Updated to `19.0.1` (Patched version)
- **React DOM**: Updated to `19.0.1` (Patched version)
- **ESLint Config Next**: Updated to `15.5.7`
- **Nodemailer**: Updated to `7.0.11` (Fixes GHSA-mm7p-fcc7-pg87, GHSA-rcmh-qjqh-p98v)
- **Nodemailer Mock**: Updated to `2.0.9` (Compatibility update)
- **React Markdown**: Updated to `Latest` (Fixes `mdast-util-to-hast` vulnerability)
- **Gray Matter/JS-YAML**: Resolved `js-yaml` vulnerability via dependency updates.
## Verification
- `npm run build` passed successfully.
- `npm audit` reports **0 vulnerabilities**.
- Application logic verified via partial test suite execution (known pre-existing test environment issues noted).
## Advisory References
- BITS-H Nr. 2025-304569-1132 (React/Next.js)
- GHSA-mm7p-fcc7-pg87 (Nodemailer)
- GHSA-rcmh-qjqh-p98v (Nodemailer)
Reference in New Issue View Git Blame Copy Permalink