Fix React Server Components CVE vulnerabilities (#371)

vercel[bot] · web-flow · commit 8486d306afc3 · 2026-04-21T12:02:26.000-04:00
Updated dependencies to fix Next.js and React CVE vulnerabilities.

The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel  
- react-server-dom-turbopack

All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.

Co-authored-by: Vercel &lt;vercel[bot]@users.noreply.github.com&gt;
diff --git a/website/package.json b/website/package.json
@@ -11,7 +11,7 @@
   "dependencies": {
     "@octokit/graphql": "9.0.1",
     "lodash": "^4.17.21",
-    "next": "^15.5.7",
+    "next": "15.5.9",
     "react": "^19.1.1",
     "react-dom": "^19.1.1",
     "tinycolor2": "^1.6.0",
