@MikeMcC399
Contributor

Situation

Vercel has reported a critical vulnerability CVE-2025-55182 in next<16.0.7.

Change

Convert next, react & react-dom npm dependencies to semver caret range format (^) to allow simpler version maintenance, then use npm update --save to update dependencies.

This includes updating from [email protected] to [email protected].

Verification

Execute:

cd react-next16-ts
npm ci
npm audit
npm run cypress:run

and confirm "found 0 vulnerabilities" and "All specs passed!".
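
Added example, not part of the PR or the repository: a check of both the declared range and the lockfile, since `npm ci` installs whatever version the lockfile records and a caret range by itself does not move it. The helper names and the sample package.json / package-lock.json objects are constructed, and the only bound applied is the `next<16.0.7` stated above.

```javascript
// Added example: helper names and sample data are constructed, not from the PR.
const FIXED_NEXT = '16.0.7'; // bound from the PR description: next<16.0.7 is affected

// Parse "x.y.z" with an optional leading ^ ; pre-release tags are out of scope.
function parse(v) {
  const m = /^\^?(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version or range: ${v}`);
  return m.slice(1).map(Number);
}

// Returns -1, 0 or 1, ignoring any leading ^.
function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Caret semantics for major >= 1: same major, not below the base. No ^ means exact pin.
function allows(range, version) {
  if (!range.startsWith('^')) return compare(range, version) === 0;
  if (parse(range)[0] === 0) throw new Error('0.x caret ranges are not handled here');
  return parse(range)[0] === parse(version)[0] && compare(version, range) >= 0;
}

// pkg is a parsed package.json, lock a parsed package-lock.json (lockfileVersion 2 or 3).
function checkNext(pkg, lock) {
  const range = pkg.dependencies.next;
  const resolved = lock.packages['node_modules/next'].version;
  return {
    rangeAllowsFix: allows(range, FIXED_NEXT),              // can npm update reach the fix?
    rangeExcludesAffected: compare(range, FIXED_NEXT) >= 0, // range floor at or above the fix
    lockIsFixed: compare(resolved, FIXED_NEXT) >= 0,        // what npm ci will install
  };
}

// Constructed inputs: three states of the same project.
const lockAt = (version) => ({ lockfileVersion: 3, packages: { 'node_modules/next': { version } } });
const pinned = checkNext({ dependencies: { next: '16.0.0' } }, lockAt('16.0.0'));
const caretStale = checkNext({ dependencies: { next: '^16.0.0' } }, lockAt('16.0.0'));
const updated = checkNext({ dependencies: { next: '^16.0.7' } }, lockAt('16.0.7'));

console.log({ pinned, caretStale, updated });
```

Only the third state, with the range floor and the lockfile both at the fixed version, passes all three checks; the middle state is a caret range whose lockfile was never refreshed.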

Update all dependencies according to their semver settings,
including next to 16.0.7 for CVE-2025-55182 critical vulnerability
@MikeMcC399
Contributor Author

Consider also changing settings under https://github.com/cypress-io/cypress-component-testing-apps/settings/actions to

Require approval for first-time contributors
Only users who have never had a commit or pull request merged into this repository will require approval to run workflows.

It looks like at the moment the setting is more restrictive (although I can't view it myself, I'm just judging by the fact that my PR is waiting for approval to run a workflow, and I have already contributed to this repo):

Require approval for all external contributors
All users that are not a member or owner of this repository will require approval to run workflows.

@MikeMcC399
Contributor Author

@AtofStryker

This PR would also need review and merge, if you care to take a look!

@AtofStryker
Contributor

@MikeMcC399 I'll merge this in shortly. Thank you for bringing the CVE to my attention. There are a few other repos I need to update!

@AtofStryker AtofStryker merged commit 945ea50 into cypress-io:main Dec 8, 2025
10 checks passed
@MikeMcC399 MikeMcC399 deleted the update/next16 branch December 8, 2025 16:53