Skip to content

Commit a0ed07c

Browse files
security: Fix Dependabot vulnerabilities (2 high severity)
Fixed vulnerabilities: - Next.js: Upgrade to 15.5.10 (fixes DoS via React Server Components) - tar: Override to v7.5.7+ (fixes arbitrary file creation via hardlink traversal) Remaining (accepted): - Next.js PPR Resume Endpoint (moderate severity) - requires major version upgrade to v16 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
1 parent b3451ef commit a0ed07c

2 files changed

Lines changed: 15 additions & 12 deletions

File tree

website/package-lock.json

Lines changed: 11 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

website/package.json

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@
1111
"start": "next start",
1212
"lint": "eslint"
1313
},
14+
"overrides": {
15+
"tar": "^7.5.7"
16+
},
1417
"dependencies": {
1518
"@mdx-js/loader": "^3.1.1",
1619
"@mdx-js/react": "^3.1.1",
@@ -20,7 +23,7 @@
2023
"bcryptjs": "^3.0.2",
2124
"gray-matter": "^4.0.3",
2225
"ioredis": "^5.8.2",
23-
"next": "15.5.9",
26+
"next": "15.5.10",
2427
"nodemailer": "^7.0.10",
2528
"pg": "^8.16.3",
2629
"react": "19.1.4",

0 commit comments

Comments
 (0)