denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cd4d2367abc7f389954f5770f95b032dcc0c17af
portfolio/SECURITY-UPDATE.md
denshooter e74f85da41
Some checks failed
CI/CD Pipeline (Using Gitea Variables & Secrets) / production (push) Failing after 11m31s
Details
Test Gitea Variables and Secrets / test-variables (push) Successful in 4s
Details
chore(security): update dependencies to fix vulnerabilities 
- Update Next.js to 15.5.7 and React to 19.0.1 (React2Shell fix)
- Update Nodemailer to 7.0.11 (Security fix)
- Update React Markdown and others to resolve all audit issues
- Add SECURITY-UPDATE.md
2025-12-08 16:21:11 +01:00

1.1 KiB
Raw Blame History

Security Update - 2025-12-08

Addressed critical and moderate vulnerabilities including CVE-2025-55182, CVE-2025-66478 (React2Shell), and others affecting nodemailer and markdown processing.

Updates

  • Next.js: Updated to 15.5.7 (Patched version for 15.5.x branch)
  • React: Updated to 19.0.1 (Patched version)
  • React DOM: Updated to 19.0.1 (Patched version)
  • ESLint Config Next: Updated to 15.5.7
  • Nodemailer: Updated to 7.0.11 (Fixes GHSA-mm7p-fcc7-pg87, GHSA-rcmh-qjqh-p98v)
  • Nodemailer Mock: Updated to 2.0.9 (Compatibility update)
  • React Markdown: Updated to Latest (Fixes mdast-util-to-hast vulnerability)
  • Gray Matter/JS-YAML: Resolved js-yaml vulnerability via dependency updates.

Verification

  • npm run build passed successfully.
  • npm audit reports 0 vulnerabilities.
  • Application logic verified via partial test suite execution (known pre-existing test environment issues noted).

Advisory References

  • BITS-H Nr. 2025-304569-1132 (React/Next.js)
  • GHSA-mm7p-fcc7-pg87 (Nodemailer)
  • GHSA-rcmh-qjqh-p98v (Nodemailer)