fix(web): Fix CVE 2025-55182 (#654)

brendan-kellam · web-flow · commit 7fc068f8b203 · 2025-12-03T15:59:43.000-08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed issue where files with special characters would fail to load. [#636](https://github.com/sourcebot-dev/sourcebot/issues/636)
 - Fixed Ask performance issues. [#632](https://github.com/sourcebot-dev/sourcebot/pull/632)
 - Fixed regression where creating a new Ask thread when unauthenticated would result in a 404. [#641](https://github.com/sourcebot-dev/sourcebot/pull/641)
+- Updated react and next package versions to fix CVE 2025-55182. [#654](https://github.com/sourcebot-dev/sourcebot/pull/654)
 
 ### Changed
 - Changed the default behaviour for code nav to scope references & definitions search to the current repository. [#647](https://github.com/sourcebot-dev/sourcebot/pull/647)
diff --git a/packages/web/package.json b/packages/web/package.json
@@ -147,7 +147,7 @@
     "langfuse-vercel": "^3.38.4",
     "lucide-react": "^0.517.0",
     "micromatch": "^4.0.8",
-    "next": "15.5.0",
+    "next": "^16.0.7",
     "next-auth": "^5.0.0-beta.30",
     "next-navigation-guard": "^0.2.0",
     "next-themes": "^0.3.0",
@@ -158,9 +158,9 @@
     "posthog-js": "^1.161.5",
     "pretty-bytes": "^6.1.1",
     "psl": "^1.15.0",
-    "react": "19.1.1",
+    "react": "^19.2.1",
     "react-device-detect": "^2.2.3",
-    "react-dom": "19.1.1",
+    "react-dom": "^19.2.1",
     "react-hook-form": "^7.53.0",
     "react-hotkeys-hook": "^4.5.1",
     "react-icons": "^5.3.0",
@@ -196,8 +196,8 @@
     "@types/node": "^20",
     "@types/nodemailer": "^6.4.17",
     "@types/psl": "^1.1.3",
-    "@types/react": "19.1.10",
-    "@types/react-dom": "19.1.7",
+    "@types/react": "19.2.1",
+    "@types/react-dom": "19.2.1",
     "@typescript-eslint/eslint-plugin": "^8.40.0",
     "@typescript-eslint/parser": "^8.40.0",
     "cross-env": "^7.0.3",
@@ -217,7 +217,7 @@
     "vitest-mock-extended": "^3.1.0"
   },
   "resolutions": {
-    "@types/react": "19.1.10",
-    "@types/react-dom": "19.1.7"
+    "@types/react": "19.2.1",
+    "@types/react-dom": "19.2.1"
   }
 }
diff --git a/packages/web/tsconfig.json b/packages/web/tsconfig.json
@@ -14,7 +14,7 @@
     "moduleResolution": "bundler",
     "resolveJsonModule": true,
     "isolatedModules": true,
-    "jsx": "preserve",
+    "jsx": "react-jsx",
     "incremental": true,
     "plugins": [
       {
@@ -35,7 +35,8 @@
     "next-env.d.ts",
     "**/*.ts",
     "**/*.tsx",
-    ".next/types/**/*.ts"
+    ".next/types/**/*.ts",
+    ".next/dev/types/**/*.ts"
   ],
   "exclude": [
     "node_modules"
diff --git a/yarn.lock b/yarn.lock
