Skip to content

Update Next.js to 15.5.9 and React to 19.2.3#259

Merged
NebraskaCoder merged 5 commits intodevelopfrom
feature/updates
Dec 13, 2025
Merged

Update Next.js to 15.5.9 and React to 19.2.3#259
NebraskaCoder merged 5 commits intodevelopfrom
feature/updates

Conversation

@NebraskaCoder
Copy link
Member

@NebraskaCoder NebraskaCoder commented Dec 13, 2025

Summary

  • Upgrade next from 15.5.7 to 15.5.9
  • Upgrade eslint-config-next from 15.5.7 to 15.5.9
  • Upgrade react from 19.2.0 to 19.2.3
  • Upgrade react-dom from 19.2.0 to 19.2.3

Security Fixes

This update addresses two open Dependabot security alerts:

Test plan

  • Verify build succeeds
  • Run lint checks
  • Run unit tests
  • Verify site functionality in dev mode

🤖 Generated with Claude Code

@NebraskaCoder @claude
Update Next.js to 15.5.9 and React to 19.2.3
892b497 
- next: 15.5.7 → 15.5.9
- eslint-config-next: 15.5.7 → 15.5.9
- react: 19.2.0 → 19.2.3
- react-dom: 19.2.0 → 19.2.3

Fixes security vulnerabilities:
- CVE: Next.js Server Actions Source Code Exposure
- CVE: Next.js DoS with Server Components

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings December 13, 2025 19:54
@NebraskaCoder NebraskaCoder self-assigned this Dec 13, 2025
@vercel
Copy link

vercel bot commented Dec 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
rockylinux-org Ready Ready Preview, Comment Dec 13, 2025 8:26pm

Copilot AI reviewed Dec 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR upgrades Next.js from 15.5.7 to 15.5.9 and React from 19.2.0 to 19.2.3 to address two Dependabot security alerts related to server actions source code exposure and denial of service vulnerabilities, both patched in Next.js 15.5.8.

Key Changes:

  • Updated Next.js and eslint-config-next packages to address critical security vulnerabilities
  • Updated React and React-dom to latest patch versions
  • Modified version specifications in both package.json and package-lock.json

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

File Description
package.json Updates dependency version specifications for Next.js, eslint-config-next, React, and React-dom
package-lock.json Updates locked versions and integrity hashes to match the upgraded dependencies

Critical Issues Identified:

  • The version specifications for next and eslint-config-next are incomplete (showing "15.5" instead of "15.5.9" or "^15.5.9"), which doesn't match the PR description and could lead to unexpected version resolutions
  • The versioning strategy for React packages changed from exact pinning to caret ranges, which is inconsistent with the previous approach

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

NebraskaCoder and others added 2 commits December 13, 2025 14:21
@NebraskaCoder
Update package.json
bb1cda1 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@NebraskaCoder
Update package.json
68a04a4 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
NebraskaCoder and others added 2 commits December 13, 2025 14:24
@NebraskaCoder @claude
Fix next version specifier to ^15.5.9
424836e 
Address Copilot review comment for consistent version specification.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@NebraskaCoder
Merge branch 'develop' into feature/updates
94aee8a
Copilot AI reviewed Dec 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@NebraskaCoder NebraskaCoder merged commit cb09e03 into develop Dec 13, 2025
10 checks passed
@NebraskaCoder NebraskaCoder deleted the feature/updates branch December 13, 2025 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@NebraskaCoder NebraskaCoder

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NebraskaCoder