@LoicDaval-Amadeus LoicDaval-Amadeus commented Dec 8, 2025

What/Why/How?

CVE-2025-55182 affects react version 19.0.0, which could be used given the current package.json.

Even though react usage is very small, it might still be better to avoid the breached version in the future, so let's request at least 19.2.1, the latest 19 version with the patch.

Reference

Testing

Screenshots (optional)

Check yourself

  • Code changed? - Tested with Redoc/Realm/Reunite (internal)
  • All new/updated code is covered by tests
  • New package installed? - Tested in different environments (browser/node)
  • Documentation update considered

Security

  • The security impact of the change has been considered
  • Code follows company security practices and guidelines
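
A way to check a manifest for dependency ranges that still admit the affected version named in the description above, as an added example that is not part of the pull request or Redocly's code. The sample manifest is constructed, and `admits` and `auditManifest` are hypothetical helpers that understand only plain `^`, `~`, `>=` and exact ranges joined by `||`; anything else is reported for manual review.

```javascript
// Added example: constructed manifest; only 19.0.0 and 19.2.1 come from the PR text.
const AFFECTED = "19.0.0"; // version the PR description names as affected
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  return m ? m.slice(1).map(Number) : null; // null: not a plain x.y.z version
};
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Exclusive upper bound of a caret or tilde range, following npm semver rules.
function upperBound(op, [maj, min, pat]) {
  if (op === "~") return [maj, min + 1, 0];
  if (maj > 0) return [maj + 1, 0, 0];
  return min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
}

// Returns true or false when the range is understood, null when it needs review.
function admits(range, version) {
  const v = parse(version);
  let unknown = false;
  for (const alt of range.split("||")) {
    const m = /^\s*(\^|~|>=|=)?\s*(\d+\.\d+\.\d+)\s*$/.exec(alt);
    if (!m) { unknown = true; continue; } // x-ranges, tags, compound sets
    const [, op = "=", base] = m;
    const lo = parse(base);
    if (cmp(v, lo) < 0) continue; // version is below this alternative's floor
    if (op === ">=") return true;
    if (op === "=" ? cmp(v, lo) === 0 : cmp(v, upperBound(op, lo)) < 0) return true;
  }
  return unknown ? null : false; // fail closed: unparsed ranges are never "safe"
}

// Report every dependency field whose range admits (or may admit) the version.
function auditManifest(pkg, name, version = AFFECTED) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"]) {
    const range = pkg[field]?.[name];
    if (range === undefined) continue;
    const hit = admits(range, version);
    if (hit !== false) findings.push({ field, range, status: hit ? "admits-affected" : "review" });
  }
  return findings;
}

// Constructed sample manifest (not Redocly's package.json).
const sample = {
  dependencies: { react: "^19.0.0" },
  peerDependencies: { react: "^18.2.0 || ^19.2.1" },
  devDependencies: { react: "19.x" },
};
console.log(auditManifest(sample, "react"));
```

A raised range floor only governs fresh resolution; an existing lockfile still decides which version a checkout installs, so it needs the same check.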

@LoicDaval-Amadeus LoicDaval-Amadeus requested a review from a team as a code owner December 8, 2025 17:22

changeset-bot bot commented Dec 8, 2025

🦋 Changeset detected

Latest commit: 0fb077a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

| Name | Type |
| --- | --- |
| @redocly/cli | Patch |
| @redocly/openapi-core | Patch |
| @redocly/respect-core | Patch |

@LoicDaval-Amadeus LoicDaval-Amadeus changed the title Sec: avoid vulnerable version of react sec: avoid vulnerable version of react Dec 9, 2025
@DmitryAnansky DmitryAnansky changed the title sec: avoid vulnerable version of react feat: sec avoid vulnerable version of react Dec 9, 2025
@DmitryAnansky
Contributor

@LoicDaval-Amadeus
Thank you for your contribution.
Could you please also add a changelog entry by running `npx changeset`?
The instructions are in CONTRIBUTING.md. Thanks a lot!

@DmitryAnansky DmitryAnansky requested a review from a team as a code owner December 9, 2025 12:27
@DmitryAnansky
Contributor

Update: added changelog message.

@DmitryAnansky DmitryAnansky merged commit dea5ea6 into Redocly:main Dec 9, 2025
40 of 41 checks passed
@LoicDaval-Amadeus
Contributor Author

Wow, this has been faster than expected hehe.
Thanks for the manual addition of the changeset, I missed this part when reading the CONTRIBUTING.
