From cffb6a7b7d00fbe09df5b40d1731e1055bff0900 Mon Sep 17 00:00:00 2001 From: "Sebastian \"Sebbie\" Silbermann" Date: Thu, 11 Dec 2025 07:27:20 +0100 Subject: [PATCH 1/9] Specify that Effects run on commit, not render (#8162) --- src/content/reference/react/useEffect.md | 26 +++++++++---------- .../reference/react/useLayoutEffect.md | 4 +-- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/content/reference/react/useEffect.md b/src/content/reference/react/useEffect.md index da310c762..85389c62e 100644 --- a/src/content/reference/react/useEffect.md +++ b/src/content/reference/react/useEffect.md @@ -44,9 +44,9 @@ function ChatRoom({ roomId }) { #### Parameters {/*parameters*/} -* `setup`: The function with your Effect's logic. Your setup function may also optionally return a *cleanup* function. When your component is added to the DOM, React will run your setup function. After every re-render with changed dependencies, React will first run the cleanup function (if you provided it) with the old values, and then run your setup function with the new values. After your component is removed from the DOM, React will run your cleanup function. +* `setup`: The function with your Effect's logic. Your setup function may also optionally return a *cleanup* function. When your [component commits](/learn/render-and-commit#step-3-react-commits-changes-to-the-dom), React will run your setup function. After every commit with changed dependencies, React will first run the cleanup function (if you provided it) with the old values, and then run your setup function with the new values. After your component is removed from the DOM, React will run your cleanup function. -* **optional** `dependencies`: The list of all reactive values referenced inside of the `setup` code. Reactive values include props, state, and all the variables and functions declared directly inside your component body. If your linter is [configured for React](/learn/editor-setup#linting), it will verify that every reactive value is correctly specified as a dependency. The list of dependencies must have a constant number of items and be written inline like `[dep1, dep2, dep3]`. React will compare each dependency with its previous value using the [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) comparison. If you omit this argument, your Effect will re-run after every re-render of the component. [See the difference between passing an array of dependencies, an empty array, and no dependencies at all.](#examples-dependencies) +* **optional** `dependencies`: The list of all reactive values referenced inside of the `setup` code. Reactive values include props, state, and all the variables and functions declared directly inside your component body. If your linter is [configured for React](/learn/editor-setup#linting), it will verify that every reactive value is correctly specified as a dependency. The list of dependencies must have a constant number of items and be written inline like `[dep1, dep2, dep3]`. React will compare each dependency with its previous value using the [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) comparison. If you omit this argument, your Effect will re-run after every commit of the component. [See the difference between passing an array of dependencies, an empty array, and no dependencies at all.](#examples-dependencies) #### Returns {/*returns*/} @@ -107,14 +107,14 @@ You need to pass two arguments to `useEffect`: **React calls your setup and cleanup functions whenever it's necessary, which may happen multiple times:** 1. Your setup code runs when your component is added to the page *(mounts)*. -2. After every re-render of your component where the dependencies have changed: +2. After every commit of your component where the dependencies have changed: - First, your cleanup code runs with the old props and state. - Then, your setup code runs with the new props and state. 3. Your cleanup code runs one final time after your component is removed from the page *(unmounts).* **Let's illustrate this sequence for the example above.** -When the `ChatRoom` component above gets added to the page, it will connect to the chat room with the initial `serverUrl` and `roomId`. If either `serverUrl` or `roomId` change as a result of a re-render (say, if the user picks a different chat room in a dropdown), your Effect will *disconnect from the previous room, and connect to the next one.* When the `ChatRoom` component is removed from the page, your Effect will disconnect one last time. +When the `ChatRoom` component above gets added to the page, it will connect to the chat room with the initial `serverUrl` and `roomId`. If either `serverUrl` or `roomId` change as a result of a commit (say, if the user picks a different chat room in a dropdown), your Effect will *disconnect from the previous room, and connect to the next one.* When the `ChatRoom` component is removed from the page, your Effect will disconnect one last time. **To [help you find bugs,](/learn/synchronizing-with-effects#step-3-add-cleanup-if-needed) in development React runs setup and cleanup one extra time before the setup.** This is a stress-test that verifies your Effect's logic is implemented correctly. If this causes visible issues, your cleanup function is missing some logic. The cleanup function should stop or undo whatever the setup function was doing. The rule of thumb is that the user shouldn't be able to distinguish between the setup being called once (as in production) and a *setup* → *cleanup* → *setup* sequence (as in development). [See common solutions.](/learn/synchronizing-with-effects#how-to-handle-the-effect-firing-twice-in-development) @@ -1145,7 +1145,7 @@ useEffect(() => { #### Passing a dependency array {/*passing-a-dependency-array*/} -If you specify the dependencies, your Effect runs **after the initial render _and_ after re-renders with changed dependencies.** +If you specify the dependencies, your Effect runs **after the initial commit _and_ after commits with changed dependencies.** ```js {3} useEffect(() => { @@ -1242,7 +1242,7 @@ button { margin-left: 5px; } #### Passing an empty dependency array {/*passing-an-empty-dependency-array*/} -If your Effect truly doesn't use any reactive values, it will only run **after the initial render.** +If your Effect truly doesn't use any reactive values, it will only run **after the initial commit.** ```js {3} useEffect(() => { @@ -1319,7 +1319,7 @@ export function createConnection(serverUrl, roomId) { #### Passing no dependency array at all {/*passing-no-dependency-array-at-all*/} -If you pass no dependency array at all, your Effect runs **after every single render (and re-render)** of your component. +If you pass no dependency array at all, your Effect runs **after every single commit** of your component. ```js {3} useEffect(() => { @@ -1480,7 +1480,7 @@ Now that you're passing `c => c + 1` instead of `count + 1`, [your Effect no lon ### Removing unnecessary object dependencies {/*removing-unnecessary-object-dependencies*/} -If your Effect depends on an object or a function created during rendering, it might run too often. For example, this Effect re-connects after every render because the `options` object is [different for every render:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) +If your Effect depends on an object or a function created during rendering, it might run too often. For example, this Effect re-connects after every commit because the `options` object is [different for every render:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) ```js {6-9,12,15} const serverUrl = 'https://localhost:1234'; @@ -1497,7 +1497,7 @@ function ChatRoom({ roomId }) { const connection = createConnection(options); // It's used inside the Effect connection.connect(); return () => connection.disconnect(); - }, [options]); // 🚩 As a result, these dependencies are always different on a re-render + }, [options]); // 🚩 As a result, these dependencies are always different on a commit // ... ``` @@ -1583,7 +1583,7 @@ With this fix, typing into the input doesn't reconnect the chat. Unlike an objec ### Removing unnecessary function dependencies {/*removing-unnecessary-function-dependencies*/} -If your Effect depends on an object or a function created during rendering, it might run too often. For example, this Effect re-connects after every render because the `createOptions` function is [different for every render:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) +If your Effect depends on an object or a function created during rendering, it might run too often. For example, this Effect re-connects after every commit because the `createOptions` function is [different for every render:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) ```js {4-9,12,16} function ChatRoom({ roomId }) { @@ -1601,11 +1601,11 @@ function ChatRoom({ roomId }) { const connection = createConnection(); connection.connect(); return () => connection.disconnect(); - }, [createOptions]); // 🚩 As a result, these dependencies are always different on a re-render + }, [createOptions]); // 🚩 As a result, these dependencies are always different on a commit // ... ``` -By itself, creating a function from scratch on every re-render is not a problem. You don't need to optimize that. However, if you use it as a dependency of your Effect, it will cause your Effect to re-run after every re-render. +By itself, creating a function from scratch on every re-render is not a problem. You don't need to optimize that. However, if you use it as a dependency of your Effect, it will cause your Effect to re-run after every commit. Avoid using a function created during rendering as a dependency. Instead, declare it inside the Effect: @@ -1775,7 +1775,7 @@ First, check that you haven't forgotten to specify the dependency array: ```js {3} useEffect(() => { // ... -}); // 🚩 No dependency array: re-runs after every render! +}); // 🚩 No dependency array: re-runs after every commit! ``` If you've specified the dependency array but your Effect still re-runs in a loop, it's because one of your dependencies is different on every re-render. diff --git a/src/content/reference/react/useLayoutEffect.md b/src/content/reference/react/useLayoutEffect.md index 5ae152b67..24b360404 100644 --- a/src/content/reference/react/useLayoutEffect.md +++ b/src/content/reference/react/useLayoutEffect.md @@ -47,9 +47,9 @@ function Tooltip() { #### Parameters {/*parameters*/} -* `setup`: The function with your Effect's logic. Your setup function may also optionally return a *cleanup* function. Before your component is added to the DOM, React will run your setup function. After every re-render with changed dependencies, React will first run the cleanup function (if you provided it) with the old values, and then run your setup function with the new values. Before your component is removed from the DOM, React will run your cleanup function. +* `setup`: The function with your Effect's logic. Your setup function may also optionally return a *cleanup* function. Before your [component commits](/learn/render-and-commit#step-3-react-commits-changes-to-the-dom), React will run your setup function. After every commit with changed dependencies, React will first run the cleanup function (if you provided it) with the old values, and then run your setup function with the new values. Before your component is removed from the DOM, React will run your cleanup function. -* **optional** `dependencies`: The list of all reactive values referenced inside of the `setup` code. Reactive values include props, state, and all the variables and functions declared directly inside your component body. If your linter is [configured for React](/learn/editor-setup#linting), it will verify that every reactive value is correctly specified as a dependency. The list of dependencies must have a constant number of items and be written inline like `[dep1, dep2, dep3]`. React will compare each dependency with its previous value using the [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) comparison. If you omit this argument, your Effect will re-run after every re-render of the component. +* **optional** `dependencies`: The list of all reactive values referenced inside of the `setup` code. Reactive values include props, state, and all the variables and functions declared directly inside your component body. If your linter is [configured for React](/learn/editor-setup#linting), it will verify that every reactive value is correctly specified as a dependency. The list of dependencies must have a constant number of items and be written inline like `[dep1, dep2, dep3]`. React will compare each dependency with its previous value using the [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) comparison. If you omit this argument, your Effect will re-run after every commit of the component. #### Returns {/*returns*/} From 2a0fed01500bd6e7f4214824b414729918a74c20 Mon Sep 17 00:00:00 2001 From: Ricky Date: Thu, 11 Dec 2025 15:12:39 -0500 Subject: [PATCH 2/9] 12/11 blog post (#8193) --- ...ulnerability-in-react-server-components.md | 18 +- ...ode-exposure-in-react-server-components.md | 165 ++++++++++++++++++ src/content/blog/index.md | 6 + src/content/versions.md | 3 + src/sidebarBlog.json | 9 +- 5 files changed, 199 insertions(+), 2 deletions(-) create mode 100644 src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md diff --git a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md index 90a549bc2..3fe7c0bd2 100644 --- a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md +++ b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md @@ -42,7 +42,7 @@ If your app’s React code does not use a server, your app is not affected by th Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: [next](https://www.npmjs.com/package/next), [react-router](https://www.npmjs.com/package/react-router), [waku](https://www.npmjs.com/package/waku), [@parcel/rsc](https://www.npmjs.com/package/@parcel/rsc), [@vitejs/plugin-rsc](https://www.npmjs.com/package/@vitejs/plugin-rsc), and [rwsdk](https://www.npmjs.com/package/rwsdk). -We will update this post with upgrade instructions on how to upgrade as they become available. +See the [update instructions below](#update-instructions) for how to upgrade to these patches. ### Hosting Provider Mitigations {/*hosting-provider-mitigations*/} @@ -156,6 +156,22 @@ Update to the latest version: npm install react@latest react-dom@latest react-server-dom-webpack@latest ``` + +### React Native {/*react-native*/} + +For React Native users not using a monorepo or `react-dom`, your `react` version should be pinned in your `package.json`, and there are no additional steps needed. + +If you are using React Native in a monorepo, you should update _only_ the impacted packages if they are installed: + +- `react-server-dom-webpack` +- `react-server-dom-parcel` +- `react-server-dom-turbopack` + +This is required to mitigate the security advisory, but you do not need to update `react` and `react-dom` so this will not cause the version mismatch error in React Native. + +See [this issue](https://github.com/facebook/react-native/issues/54772#issuecomment-3617929832) for more information. + + ## Timeline {/*timeline*/} * **November 29th**: Lachlan Davidson reported the security vulnerability via [Meta Bug Bounty](https://bugbounty.meta.com/). diff --git a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md new file mode 100644 index 000000000..e1360226f --- /dev/null +++ b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md @@ -0,0 +1,165 @@ +--- +title: "Denial of Service and Source Code Exposure in React Server Components" +author: The React Team +date: 2025/12/11 +description: Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability. High vulnerability Denial of Service (CVE-2025-55184), and medium vulnerability Source Code Exposure (CVE-2025-55183) + + +--- + +December 11, 2025 by [The React Team](/community/team) + +--- + + + +Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability. + +**These new vulnerabilities do not allow for Remote Code Execution.** The patch for React2Shell remains effective at mitigating the Remote Code Execution exploit. + + + +--- + +The new vulnerabilities are disclosed as: + +- **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) (CVSS 7.5) +- **Source Code Exposure - Medium Severity**: [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) (CVSS 5.3) + +These issues are present in the patches published last week. + +We recommend upgrading immediately due to the severity of the newly disclosed vulnerabilities. + + + + +#### It’s common for critical CVEs to uncover follow‑up vulnerabilities. {/*its-common-for-critical-cves-to-uncover-followup-vulnerabilities*/} + +When a critical vulnerability is disclosed, researchers scrutinize adjacent code paths looking for variant exploit techniques to test whether the initial mitigation can be bypassed. + +This pattern shows up across the industry, not just in JavaScript. For example, after [Log4Shell](https://nvd.nist.gov/vuln/detail/cve-2021-44228), additional CVEs ([1](https://nvd.nist.gov/vuln/detail/cve-2021-45046), [2](https://nvd.nist.gov/vuln/detail/cve-2021-45105)) were reported as the community probed the original fix. + +Additional disclosures can be frustrating, but they are generally a sign of a healthy response cycle. + + + +Further details of these vulnerabilities will be provided after the rollout of the fixes are complete. + +## Immediate Action Required {/*immediate-action-required*/} + +These vulnerabilities are present in the same packages and versions as [CVE-2025-55182](http://localhost:3000/blog/2025/12/03/critical-security-vulnerability-in-react-server-components). + +This includes versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: + +* [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) +* [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) +* [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme) + +Fixes were backported to versions 19.0.2, 19.1.3, and 19.2.2. If you are using any of the above packages please upgrade to any of the fixed versions immediately. + +As before, if your app’s React code does not use a server, your app is not affected by these vulnerabilities. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by these vulnerabilities. + + + +#### The patches published last week are vulnerable. {/*the-patches-published-last-week-are-vulnerable*/} + +If you already updated for the Critical Security Vulnerability, you will need to update again. + + + +### Affected frameworks and bundlers {/*affected-frameworks-and-bundlers*/} + +Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: [next](https://www.npmjs.com/package/next), [react-router](https://www.npmjs.com/package/react-router), [waku](https://www.npmjs.com/package/waku), [@parcel/rsc](https://www.npmjs.com/package/@parcel/rsc), [@vite/rsc-plugin](https://www.npmjs.com/package/@vitejs/plugin-rsc), and [rwsdk](https://www.npmjs.com/package/rwsdk). + +Please see [the instructions in the previous post](https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions) for upgrade steps. + +### Hosting Provider Mitigations {/*hosting-provider-mitigations*/} + +As before, we have worked with a number of hosting providers to apply temporary mitigations. + +You should not depend on these to secure your app, and still update immediately. + +### React Native {/*react-native*/} + +For React Native users not using a monorepo or `react-dom`, your `react` version should be pinned in your `package.json`, and there are no additional steps needed. + +If you are using React Native in a monorepo, you should update _only_ the impacted packages if they are installed: + +- `react-server-dom-webpack` +- `react-server-dom-parcel` +- `react-server-dom-turbopack` + +This is required to mitigate the security advisories, but you do not need to update `react` and `react-dom` so this will not cause the version mismatch error in React Native. + +See [this issue](https://github.com/facebook/react-native/issues/54772#issuecomment-3617929832) for more information. + +## High Severity: Denial of Service {/*high-severity-denial-of-service*/} + +**CVE:** [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) +**Base Score:** 7.5 (High) + +Security researchers have discovered that a malicious HTTP request can be crafted and sent to any Server Functions endpoint that, when deserialized by React, can cause an infinite loop that hangs the server process and consumes CPU. Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components. + +This creates a vulnerability vector where an attacker may be able to deny users from accessing the product, and potentially have a performance impact on the server environment. + +The patches published today mitigate by preventing the infinite loop. + + +## Medium Severity: Source Code Exposure {/*low-severity-source-code-exposure*/} + +**CVE:** [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) +**Base Score**: 5.3 (Medium) + +A security researcher has discovered that a malicious HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument: + +```javascript +'use server'; + +export async function serverFunction(name) { + const conn = db.createConnection('SECRET KEY'); + const user = await conn.createUser(name); // implicitly stringified, leaked in db + + return { + id: user.id, + message: `Hello, ${name}!` // explicitly stringified, leaked in reply + }} +``` + +An attacker may be able to leak the following: + +```txt +0:{"a":"$@1","f":"","b":"Wy43RxUKdxmr5iuBzJ1pN"} +1:{"id":"tva1sfodwq","message":"Hello, async function(a){console.log(\"serverFunction\");let b=i.createConnection(\"SECRET KEY\");return{id:(await b.createUser(a)).id,message:`Hello, ${a}!`}}!"} +``` + +The patches published today prevent stringifying the Server Function source code. + + + +#### Only secrets in source code may be exposed. {/*only-secrets-in-source-code-may-be-exposed*/} + +Secrets hardcoded in source code may be exposed, but runtime secrets such as `process.env.SECRET` are not affected. + +The scope of the exposed code is limited to the code inside the Server Function, which may include other functions depending on the amount of inlining your bundler provides. + +Always verify against production bundles. + + + +--- + +## Timeline {/*timeline*/} +* **December 3rd**: Leak reported to Vercel and [Meta Bug Bounty](https://bugbounty.meta.com/) by [Andrew MacPherson](https://github.com/AndrewMohawk). +* **December 4th**: Initial DoS reported to [Meta Bug Bounty](https://bugbounty.meta.com/) by [RyotaK](https://ryotak.net). +* **December 6th**: Both issues confirmed by the React team, and the team began investigating. +* **December 7th**: Initial fixes created and the React team began verifying and planning new patch. +* **December 8th**: Affected hosting providers and open source projects notified. +* **December 10th**: Hosting provider mitigations in place and patches verified. +* **December 11th**: Additional DoS reported to [Meta Bug Bounty](https://bugbounty.meta.com/) and added to patch. +* **December 11th**: Patches published and publicly disclosed as [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) and [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184). + +--- + +## Attribution {/*attribution*/} + +Thank you to [Andrew MacPherson (AndrewMohawk)](https://github.com/AndrewMohawk) for reporting the Source Code Exposure, [RyotaK](https://ryotak.net) from GMO Flatt Security Inc for reporting the initial Denial of Service vulnerability. diff --git a/src/content/blog/index.md b/src/content/blog/index.md index 5a2f1b7f1..30c4a3ffe 100644 --- a/src/content/blog/index.md +++ b/src/content/blog/index.md @@ -12,6 +12,12 @@ You can also follow the [@react.dev](https://bsky.app/profile/react.dev) account
+ + +Security researchers have found and disclosed two additional vulnerabilities in React Server Components while attempting to exploit the patches in last week’s critical vulnerability... + + + There is an unauthenticated remote code execution vulnerability in React Server Components. A fix has been published in versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. diff --git a/src/content/versions.md b/src/content/versions.md index 5b3cb2cd9..62be00cc3 100644 --- a/src/content/versions.md +++ b/src/content/versions.md @@ -54,11 +54,14 @@ For versions older than React 15, see [15.react.dev](https://15.react.dev). - [React 19 Deep Dive: Coordinating HTML](https://www.youtube.com/watch?v=IBBN-s77YSI) **Releases** +- [v19.2.1 (December, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1922-dec-11-2025) - [v19.2.1 (December, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1921-dec-3-2025) - [v19.2.0 (October, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1920-october-1st-2025) +- [v19.1.3 (December, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1913-dec-11-2025) - [v19.1.2 (December, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1912-dec-3-2025) - [v19.1.1 (July, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1911-july-28-2025) - [v19.1.0 (March, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1910-march-28-2025) +- [v19.0.2 (December, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1902-dec-11-2025) - [v19.0.1 (December, 2025)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1901-dec-3-2025) - [v19.0.0 (December, 2024)](https://github.com/facebook/react/blob/main/CHANGELOG.md#1900-december-5-2024) diff --git a/src/sidebarBlog.json b/src/sidebarBlog.json index b048ba9ca..e5da90fe9 100644 --- a/src/sidebarBlog.json +++ b/src/sidebarBlog.json @@ -11,11 +11,18 @@ "path": "/blog", "skipBreadcrumb": true, "routes": [ + { + "title": "Denial of Service and Source Code Exposure in React Server Components", + "titleForHomepage": "Additional Vulnerabilities in RSC", + "icon": "blog", + "date": "December 11, 2025", + "path": "/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components" + }, { "title": "Critical Security Vulnerability in React Server Components", "titleForHomepage": "Vulnerability in React Server Components", "icon": "blog", - "date": "December 03, 2025", + "date": "December 3, 2025", "path": "/blog/2025/12/03/critical-security-vulnerability-in-react-server-components" }, { From 1a955f0323af1beda3123dfe9cec86b9c3c82c45 Mon Sep 17 00:00:00 2001 From: Ricky Date: Thu, 11 Dec 2025 16:18:58 -0500 Subject: [PATCH 3/9] rm localhost link (#8194) --- ...rvice-and-source-code-exposure-in-react-server-components.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md index e1360226f..ed491cddc 100644 --- a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md +++ b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md @@ -47,7 +47,7 @@ Further details of these vulnerabilities will be provided after the rollout of t ## Immediate Action Required {/*immediate-action-required*/} -These vulnerabilities are present in the same packages and versions as [CVE-2025-55182](http://localhost:3000/blog/2025/12/03/critical-security-vulnerability-in-react-server-components). +These vulnerabilities are present in the same packages and versions as [CVE-2025-55182](/blog/2025/12/03/critical-security-vulnerability-in-react-server-components). This includes versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: From 72f8998872ab958924a0ff1fda818fae48d5b031 Mon Sep 17 00:00:00 2001 From: Ricky Date: Thu, 11 Dec 2025 17:15:41 -0500 Subject: [PATCH 4/9] Update instructions (#8195) --- ...ulnerability-in-react-server-components.md | 31 +++++++++++++------ ...ode-exposure-in-react-server-components.md | 19 ++++++------ 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md index 3fe7c0bd2..d47730ecd 100644 --- a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md +++ b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md @@ -58,27 +58,40 @@ An unauthenticated attacker could craft a malicious HTTP request to any Server F ## Update Instructions {/*update-instructions*/} + + +These instructions have been updated to include the new vulnerabilities: + + +- **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) (CVSS 7.5) +- **Source Code Exposure - Medium Severity**: [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) (CVSS 5.3) + +See the [follow-up blog post](/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components) for more info. + + + ### Next.js {/*update-next-js*/} All users should upgrade to the latest patched version in their release line: ```bash -npm install next@15.0.5 // for 15.0.x -npm install next@15.1.9 // for 15.1.x -npm install next@15.2.6 // for 15.2.x -npm install next@15.3.6 // for 15.3.x -npm install next@15.4.8 // for 15.4.x -npm install next@15.5.7 // for 15.5.x -npm install next@16.0.7 // for 16.0.x +npm install next@14.2.34 // for 14.x +npm install next@15.0.6 // for 15.0.x +npm install next@15.1.10 // for 15.1.x +npm install next@15.2.7 // for 15.2.x +npm install next@15.3.7 // for 15.3.x +npm install next@15.4.9 // for 15.4.x +npm install next@15.5.8 // for 15.5.x +npm install next@16.0.9 // for 16.0.x ``` -If you are on Next.js 14.3.0-canary.77 or a later canary release, downgrade to the latest stable 14.x release: +If you are on `next@14.3.0-canary.77` or a later canary release, downgrade to the latest stable 14.x release: ```bash npm install next@14 ``` -See the [Next.js changelog](https://nextjs.org/blog/CVE-2025-66478) for more info. +See the [Next.js blog](https://nextjs.org/blog/security-update-2025-12-11) for the latest update instructions and the [previous changelog](https://nextjs.org/blog/CVE-2025-66478) for more info. ### React Router {/*update-react-router*/} diff --git a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md index ed491cddc..54e4a8760 100644 --- a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md +++ b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md @@ -26,20 +26,15 @@ The new vulnerabilities are disclosed as: - **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) (CVSS 7.5) - **Source Code Exposure - Medium Severity**: [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) (CVSS 5.3) -These issues are present in the patches published last week. - We recommend upgrading immediately due to the severity of the newly disclosed vulnerabilities. - -#### It’s common for critical CVEs to uncover follow‑up vulnerabilities. {/*its-common-for-critical-cves-to-uncover-followup-vulnerabilities*/} - -When a critical vulnerability is disclosed, researchers scrutinize adjacent code paths looking for variant exploit techniques to test whether the initial mitigation can be bypassed. +#### The patches published last week are vulnerable. {/*the-patches-published-last-week-are-vulnerable*/} -This pattern shows up across the industry, not just in JavaScript. For example, after [Log4Shell](https://nvd.nist.gov/vuln/detail/cve-2021-44228), additional CVEs ([1](https://nvd.nist.gov/vuln/detail/cve-2021-45046), [2](https://nvd.nist.gov/vuln/detail/cve-2021-45105)) were reported as the community probed the original fix. +If you already updated for the Critical Security Vulnerability, you will need to update again. -Additional disclosures can be frustrating, but they are generally a sign of a healthy response cycle. +Please see [the instructions in the previous post](/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions) for upgrade steps. @@ -61,9 +56,13 @@ As before, if your app’s React code does not use a server, your app is not aff -#### The patches published last week are vulnerable. {/*the-patches-published-last-week-are-vulnerable*/} +#### It’s common for critical CVEs to uncover follow‑up vulnerabilities. {/*its-common-for-critical-cves-to-uncover-followup-vulnerabilities*/} -If you already updated for the Critical Security Vulnerability, you will need to update again. +When a critical vulnerability is disclosed, researchers scrutinize adjacent code paths looking for variant exploit techniques to test whether the initial mitigation can be bypassed. + +This pattern shows up across the industry, not just in JavaScript. For example, after [Log4Shell](https://nvd.nist.gov/vuln/detail/cve-2021-44228), additional CVEs ([1](https://nvd.nist.gov/vuln/detail/cve-2021-45046), [2](https://nvd.nist.gov/vuln/detail/cve-2021-45105)) were reported as the community probed the original fix. + +Additional disclosures can be frustrating, but they are generally a sign of a healthy response cycle. From e44d3b70a04e7ab23ccdc9cbd9d1dd8ece81cc0b Mon Sep 17 00:00:00 2001 From: Ricky Date: Thu, 11 Dec 2025 18:55:34 -0500 Subject: [PATCH 5/9] Add additional DoS CVE (#8196) --- ...ode-exposure-in-react-server-components.md | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md index 54e4a8760..119317edc 100644 --- a/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md +++ b/src/content/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components.md @@ -23,16 +23,18 @@ Security researchers have found and disclosed two additional vulnerabilities in The new vulnerabilities are disclosed as: -- **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) (CVSS 7.5) +- **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) and [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779) (CVSS 7.5) - **Source Code Exposure - Medium Severity**: [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) (CVSS 5.3) We recommend upgrading immediately due to the severity of the newly disclosed vulnerabilities. -#### The patches published last week are vulnerable. {/*the-patches-published-last-week-are-vulnerable*/} +#### The patches published earlier are vulnerable. {/*the-patches-published-earlier-are-vulnerable*/} -If you already updated for the Critical Security Vulnerability, you will need to update again. +If you already updated for the Critical Security Vulnerability last week, you will need to update again. + +If you updated to 19.0.2, 19.1.3, and 19.2.2, [these are incomplete](#additional-fix-published) and you will need to update again. Please see [the instructions in the previous post](/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions) for upgrade steps. @@ -44,13 +46,13 @@ Further details of these vulnerabilities will be provided after the rollout of t These vulnerabilities are present in the same packages and versions as [CVE-2025-55182](/blog/2025/12/03/critical-security-vulnerability-in-react-server-components). -This includes versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: +This includes versions 19.0.0, 19.0.1, 19.0.2, 19.1.0, 19.1.1, 19.1.2, 19.1.2, 19.2.0, 19.2.1 and 19.2.2 of: * [react-server-dom-webpack](https://www.npmjs.com/package/react-server-dom-webpack) * [react-server-dom-parcel](https://www.npmjs.com/package/react-server-dom-parcel) * [react-server-dom-turbopack](https://www.npmjs.com/package/react-server-dom-turbopack?activeTab=readme) -Fixes were backported to versions 19.0.2, 19.1.3, and 19.2.2. If you are using any of the above packages please upgrade to any of the fixed versions immediately. +Fixes were backported to versions 19.0.3, 19.1.4, and 19.2.3. If you are using any of the above packages please upgrade to any of the fixed versions immediately. As before, if your app’s React code does not use a server, your app is not affected by these vulnerabilities. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by these vulnerabilities. @@ -94,7 +96,7 @@ See [this issue](https://github.com/facebook/react-native/issues/54772#issuecomm ## High Severity: Denial of Service {/*high-severity-denial-of-service*/} -**CVE:** [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) +**CVEs:** [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) and [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779) **Base Score:** 7.5 (High) Security researchers have discovered that a malicious HTTP request can be crafted and sent to any Server Functions endpoint that, when deserialized by React, can cause an infinite loop that hangs the server process and consumes CPU. Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components. @@ -103,6 +105,17 @@ This creates a vulnerability vector where an attacker may be able to deny users The patches published today mitigate by preventing the infinite loop. + + +#### Additional fix published {/*additional-fix-published*/} + +The original fix addressing the DoS in [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) was incomplete. + +This left versions 19.0.2, 19.1.3, 19.2.2 vulnerable. Versions 19.0.3, 19.1.4, 19.2.3 are safe. + +We've fixed the additional cases and filed [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779) for the vulnerable versions. + + ## Medium Severity: Source Code Exposure {/*low-severity-source-code-exposure*/} @@ -154,11 +167,12 @@ Always verify against production bundles. * **December 7th**: Initial fixes created and the React team began verifying and planning new patch. * **December 8th**: Affected hosting providers and open source projects notified. * **December 10th**: Hosting provider mitigations in place and patches verified. -* **December 11th**: Additional DoS reported to [Meta Bug Bounty](https://bugbounty.meta.com/) and added to patch. +* **December 11th**: Additional DoS reported to [Meta Bug Bounty](https://bugbounty.meta.com/) by Shinsaku Nomura. * **December 11th**: Patches published and publicly disclosed as [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) and [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184). +* **December 11th**: Missing DoS case found internally, patched and publicly disclosed as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779). --- ## Attribution {/*attribution*/} -Thank you to [Andrew MacPherson (AndrewMohawk)](https://github.com/AndrewMohawk) for reporting the Source Code Exposure, [RyotaK](https://ryotak.net) from GMO Flatt Security Inc for reporting the initial Denial of Service vulnerability. +Thank you to [Andrew MacPherson (AndrewMohawk)](https://github.com/AndrewMohawk) for reporting the Source Code Exposure, [RyotaK](https://ryotak.net) from GMO Flatt Security Inc and Shinsaku Nomura of Bitforest Co., Ltd. for reporting the Denial of Service vulnerabilities. From 9527378306f12e588c6f7db8499c96dc90cadf2b Mon Sep 17 00:00:00 2001 From: Ricky Date: Thu, 11 Dec 2025 19:18:26 -0500 Subject: [PATCH 6/9] update nextjs instructions (#8197) --- ...itical-security-vulnerability-in-react-server-components.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md index d47730ecd..aa6f8f1ad 100644 --- a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md +++ b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md @@ -62,10 +62,11 @@ An unauthenticated attacker could craft a malicious HTTP request to any Server F These instructions have been updated to include the new vulnerabilities: - - **Denial of Service - High Severity**: [CVE-2025-55184](https://www.cve.org/CVERecord?id=CVE-2025-55184) (CVSS 7.5) - **Source Code Exposure - Medium Severity**: [CVE-2025-55183](https://www.cve.org/CVERecord?id=CVE-2025-55183) (CVSS 5.3) +They also include the additional case found, patched, and disclosed as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779). + See the [follow-up blog post](/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components) for more info. From 1e74023dd276f15530bf7c3e3bb4f7420291c8b0 Mon Sep 17 00:00:00 2001 From: Matt Carroll <7158882+mattcarrollcode@users.noreply.github.com> Date: Thu, 11 Dec 2025 17:01:10 -0800 Subject: [PATCH 7/9] [Blog] Update safe Next.js versions (#8199) --- ...ulnerability-in-react-server-components.md | 27 +++++++++++-------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md index aa6f8f1ad..ffef6119d 100644 --- a/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md +++ b/src/content/blog/2025/12/03/critical-security-vulnerability-in-react-server-components.md @@ -20,9 +20,9 @@ We recommend upgrading immediately. --- -On November 29th, Lachlan Davidson reported a security vulnerability in React that allows unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. +On November 29th, Lachlan Davidson reported a security vulnerability in React that allows unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. -Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components. +Even if your app does not implement any React Server Function endpoints it may still be vulnerable if your app supports React Server Components. This vulnerability was disclosed as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182) and is rated CVSS 10.0. @@ -40,7 +40,7 @@ If your app’s React code does not use a server, your app is not affected by th ### Affected frameworks and bundlers {/*affected-frameworks-and-bundlers*/} -Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: [next](https://www.npmjs.com/package/next), [react-router](https://www.npmjs.com/package/react-router), [waku](https://www.npmjs.com/package/waku), [@parcel/rsc](https://www.npmjs.com/package/@parcel/rsc), [@vitejs/plugin-rsc](https://www.npmjs.com/package/@vitejs/plugin-rsc), and [rwsdk](https://www.npmjs.com/package/rwsdk). +Some React frameworks and bundlers depended on, had peer dependencies for, or included the vulnerable React packages. The following React frameworks & bundlers are affected: [next](https://www.npmjs.com/package/next), [react-router](https://www.npmjs.com/package/react-router), [waku](https://www.npmjs.com/package/waku), [@parcel/rsc](https://www.npmjs.com/package/@parcel/rsc), [@vitejs/plugin-rsc](https://www.npmjs.com/package/@vitejs/plugin-rsc), and [rwsdk](https://www.npmjs.com/package/rwsdk). See the [update instructions below](#update-instructions) for how to upgrade to these patches. @@ -76,16 +76,21 @@ See the [follow-up blog post](/blog/2025/12/11/denial-of-service-and-source-code All users should upgrade to the latest patched version in their release line: ```bash -npm install next@14.2.34 // for 14.x -npm install next@15.0.6 // for 15.0.x -npm install next@15.1.10 // for 15.1.x -npm install next@15.2.7 // for 15.2.x -npm install next@15.3.7 // for 15.3.x -npm install next@15.4.9 // for 15.4.x -npm install next@15.5.8 // for 15.5.x -npm install next@16.0.9 // for 16.0.x +npm install next@14.2.35 // for 13.3.x, 13.4.x, 13.5.x, 14.x +npm install next@15.0.7 // for 15.0.x +npm install next@15.1.11 // for 15.1.x +npm install next@15.2.8 // for 15.2.x +npm install next@15.3.8 // for 15.3.x +npm install next@15.4.10 // for 15.4.x +npm install next@15.5.9 // for 15.5.x +npm install next@16.0.10 // for 16.0.x + +npm install next@15.6.0-canary.60 // for 15.x canary releases +npm install next@16.1.0-canary.19 // for 16.x canary releases ``` +If you are on version `13.3` or later version of Next.js 13 (`13.3.x`, `13.4.x`, or `13.5.x`) please upgrade to version `14.2.35`. + If you are on `next@14.3.0-canary.77` or a later canary release, downgrade to the latest stable 14.x release: ```bash From 2da4f7fbd90ddc09835c9f85d61fd5644a271abc Mon Sep 17 00:00:00 2001 From: Matt Carroll <7158882+mattcarrollcode@users.noreply.github.com> Date: Thu, 11 Dec 2025 17:06:56 -0800 Subject: [PATCH 8/9] Update to Next.js 15.1.11 (#8200) --- package.json | 2 +- yarn.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/package.json b/package.json index 657be8877..55fcc0a5b 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "classnames": "^2.2.6", "debounce": "^1.2.1", "github-slugger": "^1.3.0", - "next": "15.1.9", + "next": "15.1.11", "next-remote-watch": "^1.0.0", "parse-numeric-range": "^1.2.0", "react": "^19.0.0", diff --git a/yarn.lock b/yarn.lock index a07b2f280..a1ce77d11 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1225,10 +1225,10 @@ unist-util-visit "^4.0.0" vfile "^5.0.0" -"@next/env@15.1.9": - version "15.1.9" - resolved "https://registry.yarnpkg.com/@next/env/-/env-15.1.9.tgz#3569b6dd6a9b0af998fc6e4902da6b9ed2fc36c9" - integrity sha512-Te1wbiJ//I40T7UePOUG8QBwh+VVMCc0OTuqesOcD3849TVOVOyX4Hdrkx7wcpLpy/LOABIcGyLX5P/SzzXhFA== +"@next/env@15.1.11": + version "15.1.11" + resolved "https://registry.yarnpkg.com/@next/env/-/env-15.1.11.tgz#599a126f7ce56decc39cea46668cb60d96b66bc6" + integrity sha512-yp++FVldfLglEG5LoS2rXhGypPyoSOyY0kxZQJ2vnlYJeP8o318t5DrDu5Tqzr03qAhDWllAID/kOCsXNLcwKw== "@next/eslint-plugin-next@12.0.3": version "12.0.3" @@ -5797,12 +5797,12 @@ next-tick@^1.1.0: resolved "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz" integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== -next@15.1.9: - version "15.1.9" - resolved "https://registry.yarnpkg.com/next/-/next-15.1.9.tgz#eaab46d7a57c881fadf748d8ba2a8c65ec27ad8f" - integrity sha512-OoQpDPV2i3o5Hnn46nz2x6fzdFxFO+JsU4ZES12z65/feMjPHKKHLDVQ2NuEvTaXTRisix/G5+6hyTkwK329kA== +next@15.1.11: + version "15.1.11" + resolved "https://registry.yarnpkg.com/next/-/next-15.1.11.tgz#8a70a236e02d8dd62fb0569bedfd5e4290e7af55" + integrity sha512-UiVJaOGhKST58AadwbFUZThlNBmYhKqaCs8bVtm4plTxsgKq0mJ0zTsp7t7j/rzsbAEj9WcAMdZCztjByi4EoQ== dependencies: - "@next/env" "15.1.9" + "@next/env" "15.1.11" "@swc/counter" "0.1.3" "@swc/helpers" "0.5.15" busboy "1.6.0" From 1217c9ffc8fe86751901584fbe5db661d18118c3 Mon Sep 17 00:00:00 2001 From: anilcanboga Date: Fri, 19 Dec 2025 20:41:14 +0300 Subject: [PATCH 9/9] sync-2da4f7fb --- package.json | 4 - src/content/reference/react/useEffect.md | 90 ++++--------------- .../reference/react/useLayoutEffect.md | 10 +-- yarn.lock | 70 --------------- 4 files changed, 20 insertions(+), 154 deletions(-) diff --git a/package.json b/package.json index 0f1a8161f..dfa3f9fd3 100644 --- a/package.json +++ b/package.json @@ -35,11 +35,7 @@ "classnames": "^2.2.6", "debounce": "^1.2.1", "github-slugger": "^1.3.0", -<<<<<<< HEAD - "next": "15.4.8", -======= "next": "15.1.11", ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc "next-remote-watch": "^1.0.0", "parse-numeric-range": "^1.2.0", "react": "^19.0.0", diff --git a/src/content/reference/react/useEffect.md b/src/content/reference/react/useEffect.md index edfffb216..dd48c4129 100644 --- a/src/content/reference/react/useEffect.md +++ b/src/content/reference/react/useEffect.md @@ -44,15 +44,9 @@ function ChatRoom({ roomId }) { #### Parametreler {/*parameters*/} -<<<<<<< HEAD -* `setup`: Effect'inizin mantığını içeren fonksiyon. Kurulum (setup) fonksiyonunuz isteğe bağlı olarak *temizleme (cleanup)* fonksiyonu da döndürebilir. Bileşeniniz DOM'a eklendiğinde, React kurulum fonksiyonunuzu çalıştıracaktır. Değişen bağımlılıklar ile her yeniden render işleminden sonra, React önce temizleme fonksiyonunu (eğer sağladıysanız) eski değerlerle çalıştıracak ve ardından kurulum fonksiyonunuzu yeni değerlerle çalıştıracaktır. Bileşeniniz DOM'dan kaldırıldıktan sonra, React temizleme fonksiyonunuzu çalıştıracaktır. - -* **Opsiyonel** `bağımlılıklar`: `kurulum` (`setup`) kodunun içinde referansı olan tüm reaktif değerlerin listesi. Reaktif değerler prop'ları, state'i ve bileşeninizin gövdesi içinde bildirilen tüm değişkenleri ve fonksiyonları içerir. Linter'ınız [React için yapılandırılmış](/learn/editor-setup#linting) ise, her reaktif değerin bağımlılık olarak doğru bir şekilde belirtildiğini doğrulayacaktır. Bağımlılık listesi sabit sayıda öğeye sahip olmalı ve `[dep1, dep2, dep3]` şeklinde satır içinde yazılmalıdır. React, [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) karşılaştırmasını kullanarak her bağımlılığı önceki değeri ile karşılaştırır. Eğer bağımlılık listesini boş bırakırsanız, Effect'iniz her yeniden render'dan sonra tekrar çalışacaktır. [Bağımlılık dizisi iletmenin, boş dizi iletmenin ve hiç bağımlılık olmaması arasındaki farkı inceleyin.](#examples-dependencies) -======= -* `setup`: The function with your Effect's logic. Your setup function may also optionally return a *cleanup* function. When your [component commits](/learn/render-and-commit#step-3-react-commits-changes-to-the-dom), React will run your setup function. After every commit with changed dependencies, React will first run the cleanup function (if you provided it) with the old values, and then run your setup function with the new values. After your component is removed from the DOM, React will run your cleanup function. - -* **optional** `dependencies`: The list of all reactive values referenced inside of the `setup` code. Reactive values include props, state, and all the variables and functions declared directly inside your component body. If your linter is [configured for React](/learn/editor-setup#linting), it will verify that every reactive value is correctly specified as a dependency. The list of dependencies must have a constant number of items and be written inline like `[dep1, dep2, dep3]`. React will compare each dependency with its previous value using the [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) comparison. If you omit this argument, your Effect will re-run after every commit of the component. [See the difference between passing an array of dependencies, an empty array, and no dependencies at all.](#examples-dependencies) ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +* `setup`: Effect’inizin mantığını içeren fonksiyondur. `setup` fonksiyonunuz isteğe bağlı olarak bir *cleanup* (temizleme) fonksiyonu da döndürebilir. Bileşeniniz [commit edildiğinde](/learn/render-and-commit#step-3-react-commits-changes-to-the-dom), React `setup` fonksiyonunu çalıştırır. Bağımlılıkları değişen her commit’ten sonra React, önce (varsa) eski değerlerle *cleanup* fonksiyonunu çalıştırır, ardından yeni değerlerle `setup` fonksiyonunu tekrar çalıştırır. Bileşeniniz DOM’dan kaldırıldıktan sonra ise React *cleanup* fonksiyonunu çalıştırır. + +* **opsiyonel** `dependencies`: `setup` kodu içinde referans verilen tüm **reactive values**’ların listesidir. Reactive values; props, state ve bileşen gövdesi içinde doğrudan tanımlanan tüm değişkenler ve fonksiyonları kapsar. Eğer linter’ınız [React için yapılandırılmışsa](/learn/editor-setup#linting), her reactive value’nun dependency olarak doğru şekilde belirtildiğini doğrular. Dependency listesi sabit sayıda öğe içermeli ve `[dep1, dep2, dep3]` şeklinde inline olarak yazılmalıdır. React, her bir dependency’yi önceki değeriyle [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) karşılaştırması kullanarak kıyaslar. Bu argümanı atladığınızda, Effect’iniz bileşenin her commit’inden sonra yeniden çalışır. [Dependency array verilmesi, boş array verilmesi ve hiç dependency verilmemesi arasındaki farkı inceleyin.](#examples-dependencies) #### Dönüş Değeri {/*returns*/} @@ -110,27 +104,15 @@ function ChatRoom({ roomId }) { **React, kurulum ve temizleme fonksiyonlarınızı gerektiğinde birden çok kez olabilecek şekilde çağırır:** -<<<<<<< HEAD -1. Kurulum kodunuz bileşeniniz sayfaya eklendiğinde çalışır *(DOM'a eklendiğinde)*. -2. Bileşeninizin bağımlılıklarının değiştiği her yeniden render etmeden sonra: - - İlk olarak, temizleme kodunuz eski prop'lar ve state ile çalışır. - - Daha sonra, kurulum kodunuz yeni prop'lar ve state ile çalışır. -3. temizleme kodunuz son kez bileşeniniz sayfadan kaldırıldığında çalışır *(DOM'dan kaldırıldığında).* -======= -1. Your setup code runs when your component is added to the page *(mounts)*. -2. After every commit of your component where the dependencies have changed: - - First, your cleanup code runs with the old props and state. - - Then, your setup code runs with the new props and state. -3. Your cleanup code runs one final time after your component is removed from the page *(unmounts).* ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +1. Bileşeniniz sayfaya eklendiğinde *(mount olurken)* setup code çalışır. +2. dependencies’lerin değiştiği her bileşen commit’inden sonra: + - Önce, cleanup code eski props ve state değerleriyle çalışır. + - Ardından, setup code yeni props ve state değerleriyle çalışır. +3. Bileşeniniz sayfadan kaldırıldıktan *(unmount olduktan)* sonra cleanup code son bir kez daha çalışır. **Yukarıdaki örneği biraz açıklayalım.** -<<<<<<< HEAD -Yukarıdaki `ChatRoom` bileşeni sayfaya eklendiğinde, başlangıç `serverUrl` ve `roomId` ile sohbet odasına bağlanacaktır. Eğer `serverUrl` veya `roomId`'den biri yeniden render yüzünden değişirse (diyelim ki kullanıcı başka bir sohbet odasını seçerse), Effect'iniz önceki odayla *bağlantısını kesecek ve bir sonraki odaya bağlanacaktır.* `ChatRoom` bileşeniniz sayfadan kaldırıldığında, Effect'iniz son bir defa bağlantıyı kesecektir. -======= -When the `ChatRoom` component above gets added to the page, it will connect to the chat room with the initial `serverUrl` and `roomId`. If either `serverUrl` or `roomId` change as a result of a commit (say, if the user picks a different chat room in a dropdown), your Effect will *disconnect from the previous room, and connect to the next one.* When the `ChatRoom` component is removed from the page, your Effect will disconnect one last time. ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Yukarıdaki `ChatRoom` bileşeni sayfaya eklendiğinde, başlangıçtaki `serverUrl` ve `roomId` ile chat odasına bağlanır. Eğer bir commit sonucunda `serverUrl` veya `roomId` değişirse (örneğin kullanıcı bir dropdown üzerinden farklı bir chat odası seçerse), Effect’iniz *önce önceki odadan bağlantıyı keser, ardından yeni odaya bağlanır.* `ChatRoom` bileşeni sayfadan kaldırıldığında ise Effect’iniz son bir kez daha bağlantıyı keser. **Geliştirme sırasında [hataları bulmanıza yardımcı olmak](/learn/synchronizing-with-effects#step-3-add-cleanup-if-needed) için React, kurulum ve temizleme kodunu kurulum'dan önce son kez çalıştırır.** Bu, Effect mantığınızın doğru uygulandığını doğrulayan bir stres testidir. Bu, gözle görünür sorunlara neden oluyorsa, temizleme fonksiyonunuzda bazı mantık hataları vardır. Temizleme fonksiyonu, kurulum fonksiyonunun yaptığı her şeyi durdurmalı ya da geri almalıdır. Temel kural, kullanıcı bir kez çağrılan kurulum (son üründe olduğu gibi) ile *kurulum* → *temizleme* → *kurulum* sekansı (geliştirme sırasında olduğu gibi) arasındaki farkı ayırt etmemelidir. [Sık kullanılan çözümlere göz gezdirin.](/learn/synchronizing-with-effects#how-to-handle-the-effect-firing-twice-in-development) @@ -1165,11 +1147,7 @@ useEffect(() => { #### Bağımlılık dizisi iletme {/*passing-a-dependency-array*/} -<<<<<<< HEAD -Eğer bağımlılıkları belirtirseniz, Effect'iniz **ilk render'dan _ve_ değişen bağlımlılıklarla yeniden render'lardan sonra çalışacaktır.** -======= -If you specify the dependencies, your Effect runs **after the initial commit _and_ after commits with changed dependencies.** ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Eğer dependency’leri belirtirseniz, Effect’iniz **ilk commit’ten sonra _ve_ dependency’lerin değiştiği commit’lerden sonra** çalışır. ```js {3} useEffect(() => { @@ -1266,11 +1244,7 @@ button { margin-left: 5px; } #### Boş bağımlılık dizisi iletmek {/*passing-an-empty-dependency-array*/} -<<<<<<< HEAD -Effect'iniz gerçekten reaktif değerler kullanmıyorsa, Effect'iniz sadece **ilk render'dan sonra** çalışacaktır. -======= -If your Effect truly doesn't use any reactive values, it will only run **after the initial commit.** ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Eğer Effect’iniz gerçekten hiçbir **reactive value** kullanmıyorsa, **yalnızca ilk commit’ten sonra** çalışır. ```js {3} useEffect(() => { @@ -1347,11 +1321,7 @@ export function createConnection(serverUrl, roomId) { #### Hiçbir bağımlılık dizisi iletmemek {/*passing-no-dependency-array-at-all*/} -<<<<<<< HEAD -Hiçbir bağımlılık dizisi iletmezseniz, Effect'iniz bileşeninizin **herbir render'ından (ve yeniden render'ından)** sonra çalışacaktır. -======= -If you pass no dependency array at all, your Effect runs **after every single commit** of your component. ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Eğer hiç dependency array geçmezseniz, Effect’iniz bileşeninizin **her bir commit’inden sonra** çalışır. ```js {3} useEffect(() => { @@ -1512,11 +1482,7 @@ Artık `count + 1` yerine `c => c + 1` ilettiğimiz için, [Effect'inizin `count ### Gereksiz nesne bağımlılıklarını kaldırma {/*removing-unnecessary-object-dependencies*/} -<<<<<<< HEAD -Eğer Effect'iniz render esnasında oluşturulan bir nesneye veya fonksiyona bağımlıysa, Effect çok sık çalışabilir. Örneğin bu Effect, `options` nesnesi [her render için farklı olduğundan](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) her render'dan sonra yeniden sohbete bağlanır: -======= -If your Effect depends on an object or a function created during rendering, it might run too often. For example, this Effect re-connects after every commit because the `options` object is [different for every render:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Eğer Effect’iniz render sırasında oluşturulan bir **object** veya **function**’a bağlıysa, gereğinden fazla çalışabilir. Örneğin, aşağıdaki Effect her commit’ten sonra yeniden bağlanır çünkü `options` objesi [her render’da farklıdır:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) ```js {6-9,12,15} const serverUrl = 'https://localhost:1234'; @@ -1533,11 +1499,7 @@ function ChatRoom({ roomId }) { const connection = createConnection(options); // Effect içinde kullanılır connection.connect(); return () => connection.disconnect(); -<<<<<<< HEAD - }, [options]); // 🚩 Bunun neticesinde, bu bağımlılıklar yeniden render'da her zaman farklıdır -======= - }, [options]); // 🚩 As a result, these dependencies are always different on a commit ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc + }, [options]); // 🚩 Sonuç olarak, bu dependency’ler her commit’te her zaman farklıdır // ... ``` @@ -1623,11 +1585,7 @@ Bu çözümle birlikte, input'a yazmak sohbete tekrar bağlanmayacaktır. Her re ### Gereksiz fonksiyon bağımlılıklarını kaldırma {/*removing-unnecessary-function-dependencies*/} -<<<<<<< HEAD -Eğer Effect'iniz render esnasında oluşturulan bir nesneye veya fonksiyona bağımlıysa, Effect çok sık çalışabilir. Örneğin bu Effect, `createOptions` fonksiyonu [her render'da farklı olduğundan](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) her render'dan sonra yeniden sohbete bağlanır: -======= -If your Effect depends on an object or a function created during rendering, it might run too often. For example, this Effect re-connects after every commit because the `createOptions` function is [different for every render:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Eğer Effect’iniz render sırasında oluşturulan bir **object** veya **function**’a bağlıysa, gereğinden fazla çalışabilir. Örneğin, aşağıdaki Effect her commit’ten sonra yeniden bağlanır çünkü `createOptions` fonksiyonu [her render’da farklıdır:](/learn/removing-effect-dependencies#does-some-reactive-value-change-unintentionally) ```js {4-9,12,16} function ChatRoom({ roomId }) { @@ -1645,19 +1603,11 @@ function ChatRoom({ roomId }) { const connection = createConnection(); connection.connect(); return () => connection.disconnect(); -<<<<<<< HEAD - }, [createOptions]); // 🚩 Bunun neticesinde, bu bağımlılıklar yeniden render'da her zaman farklıdır - // ... -``` - -Her yeniden render'da sıfırdan bir fonksiyon oluşturmak kendi başına bir sorun değildir. Bunu optimize etmenize gerek yoktur. Ancak fonksiyonu Effect'inizin bağımlılığı olarak kullanırsanız, Effect'inizin her yeniden render'dan sonra yeniden çalışmasına neden olacaktır. -======= - }, [createOptions]); // 🚩 As a result, these dependencies are always different on a commit + }, [createOptions]); // 🚩 Sonuç olarak, bu dependency’ler her commit’te her zaman farklıdır // ... ``` -By itself, creating a function from scratch on every re-render is not a problem. You don't need to optimize that. However, if you use it as a dependency of your Effect, it will cause your Effect to re-run after every commit. ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +Tek başına, her yeniden render’da sıfırdan bir **function** oluşturmak bir problem değildir. Bunu optimize etmeniz gerekmez. Ancak bu function’ı Effect’inizin bir **dependency**’si olarak kullanırsanız, Effect’inizin **her commit’ten sonra yeniden çalışmasına** neden olur. Render esnasında oluşturulan bir fonksiyonu bağımlılık olarak kullanmaktan kaçının. Bunun yerine Effect içinde bildirin: @@ -1827,11 +1777,7 @@ Bu, Effect mantığınızın doğru uygunlanıdığını doğrulayan bir stres t ```js {3} useEffect(() => { // ... -<<<<<<< HEAD -}); // 🚩 Bağımlılık dizisi yok: her yeniden render'dan sonra yeniden çalışır! -======= -}); // 🚩 No dependency array: re-runs after every commit! ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +}); // 🚩 Dependency array yok: her commit’ten sonra yeniden çalışır. ``` Bağımlılık dizisini belirttiyseniz ancak Effect'iniz hala döngüde yeniden çalışyorsa, bunun nedeni bağımlılıklarınızdan birinin her yeniden render'da farklı olmasıdır. diff --git a/src/content/reference/react/useLayoutEffect.md b/src/content/reference/react/useLayoutEffect.md index b3a1fa131..f50a2e583 100644 --- a/src/content/reference/react/useLayoutEffect.md +++ b/src/content/reference/react/useLayoutEffect.md @@ -47,15 +47,9 @@ function Tooltip() { #### Parametreler {/*parameters*/} -<<<<<<< HEAD -* `setup`: Effect'in mantığını içeren fonksiyondur. `setup` fonksiyonun isteğe bağlı olarak bir *cleanup* fonksiyonu da döndürebilir. Component DOM’a eklenmeden önce React `setup` fonksiyonunu çalıştırır. Değişen dependencies ile her yeniden render sonrasında React önce *cleanup* fonksiyonunu (eğer sağladıysan) eski değerlerle çalıştırır, ardından `setup` fonksiyonunu yeni değerlerle çalıştırır. Component DOM’dan kaldırılmadan önce React *cleanup* fonksiyonunu çalıştırır. +* `setup`: Effect’inizin mantığını içeren fonksiyondur. `setup` fonksiyonunuz isteğe bağlı olarak bir *cleanup* (temizleme) fonksiyonu döndürebilir. Bileşeniniz [commit edilmeden önce](/learn/render-and-commit#step-3-react-commits-changes-to-the-dom), React `setup` fonksiyonunu çalıştırır. Dependency’leri değişmiş her commit’ten sonra React, önce (varsa) eski değerlerle *cleanup* fonksiyonunu çalıştırır, ardından yeni değerlerle `setup` fonksiyonunu çalıştırır. Bileşeniniz DOM’dan kaldırılmadan önce React *cleanup* fonksiyonunu çalıştırır. -* **optional** `dependencies`: `setup` kodu içinde referans verilen tüm reactive value’ların listesi. Reactive value’lar props, state ve component body’si içinde doğrudan tanımlanan tüm değişkenler ve fonksiyonları kapsar. Eğer linter’in [React için yapılandırıldıysa](/learn/editor-setup#linting), her reactive value’nun doğru şekilde dependency olarak belirtildiğini doğrulayacaktır. Dependencies listesi sabit sayıda öğeye sahip olmalı ve `[dep1, dep2, dep3]` şeklinde inline yazılmalıdır. React her dependency’yi önceki değeriyle [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) karşılaştırması kullanarak karşılaştırır. Eğer bu argümanı atarsan, Effect her component re-render işleminden sonra yeniden çalışır. -======= -* `setup`: The function with your Effect's logic. Your setup function may also optionally return a *cleanup* function. Before your [component commits](/learn/render-and-commit#step-3-react-commits-changes-to-the-dom), React will run your setup function. After every commit with changed dependencies, React will first run the cleanup function (if you provided it) with the old values, and then run your setup function with the new values. Before your component is removed from the DOM, React will run your cleanup function. - -* **optional** `dependencies`: The list of all reactive values referenced inside of the `setup` code. Reactive values include props, state, and all the variables and functions declared directly inside your component body. If your linter is [configured for React](/learn/editor-setup#linting), it will verify that every reactive value is correctly specified as a dependency. The list of dependencies must have a constant number of items and be written inline like `[dep1, dep2, dep3]`. React will compare each dependency with its previous value using the [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) comparison. If you omit this argument, your Effect will re-run after every commit of the component. ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc +* **opsiyonel** `dependencies`: `setup` kodu içinde referans verilen tüm reactive value’ların listesidir. Reactive value’lar; props, state ve bileşen gövdesi içinde doğrudan tanımlanan tüm değişkenler ve fonksiyonları kapsar. Eğer linter’ınız [React için yapılandırılmışsa](/learn/editor-setup#linting), her reactive value’nun dependency olarak doğru şekilde belirtildiğini doğrular. Dependency listesi sabit sayıda öğe içermeli ve `[dep1, dep2, dep3]` şeklinde inline olarak yazılmalıdır. React, her bir dependency’yi önceki değeriyle [`Object.is`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/is) karşılaştırması kullanarak kıyaslar. Bu argümanı atladığınızda, Effect’iniz bileşenin her commit’inden sonra yeniden çalışır. #### Dönüş değeri {/*returns*/} diff --git a/yarn.lock b/yarn.lock index 22a823af1..109afa811 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1250,17 +1250,10 @@ unist-util-visit "^4.0.0" vfile "^5.0.0" -<<<<<<< HEAD -"@next/env@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/env/-/env-15.4.8.tgz#f41741d07651958bccb31fb685da0303a9ef1373" - integrity sha512-LydLa2MDI1NMrOFSkO54mTc8iIHSttj6R6dthITky9ylXV2gCGi0bHQjVCtLGRshdRPjyh2kXbxJukDtBWQZtQ== -======= "@next/env@15.1.11": version "15.1.11" resolved "https://registry.yarnpkg.com/@next/env/-/env-15.1.11.tgz#599a126f7ce56decc39cea46668cb60d96b66bc6" integrity sha512-yp++FVldfLglEG5LoS2rXhGypPyoSOyY0kxZQJ2vnlYJeP8o318t5DrDu5Tqzr03qAhDWllAID/kOCsXNLcwKw== ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc "@next/eslint-plugin-next@12.0.3": version "12.0.3" @@ -1269,47 +1262,6 @@ dependencies: glob "7.1.7" -<<<<<<< HEAD -"@next/swc-darwin-arm64@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.4.8.tgz#f5030219421079036720b5948ea9de9bee02ac34" - integrity sha512-Pf6zXp7yyQEn7sqMxur6+kYcywx5up1J849psyET7/8pG2gQTVMjU3NzgIt8SeEP5to3If/SaWmaA6H6ysBr1A== - -"@next/swc-darwin-x64@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-darwin-x64/-/swc-darwin-x64-15.4.8.tgz#3fc796bd522aee30eff608448919e0ea1c1da7d1" - integrity sha512-xla6AOfz68a6kq3gRQccWEvFC/VRGJmA/QuSLENSO7CZX5WIEkSz7r1FdXUjtGCQ1c2M+ndUAH7opdfLK1PQbw== - -"@next/swc-linux-arm64-gnu@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.4.8.tgz#5c7bf6a0de49c2b4c21bc8bdb3b5e431dd922c7d" - integrity sha512-y3fmp+1Px/SJD+5ntve5QLZnGLycsxsVPkTzAc3zUiXYSOlTPqT8ynfmt6tt4fSo1tAhDPmryXpYKEAcoAPDJw== - -"@next/swc-linux-arm64-musl@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.4.8.tgz#94e47838715e68a696b33295f4389a60bd8af00a" - integrity sha512-DX/L8VHzrr1CfwaVjBQr3GWCqNNFgyWJbeQ10Lx/phzbQo3JNAxUok1DZ8JHRGcL6PgMRgj6HylnLNndxn4Z6A== - -"@next/swc-linux-x64-gnu@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.4.8.tgz#4f9656e8bf9f28dac1970d6ff95a245014646417" - integrity sha512-9fLAAXKAL3xEIFdKdzG5rUSvSiZTLLTCc6JKq1z04DR4zY7DbAPcRvNm3K1inVhTiQCs19ZRAgUerHiVKMZZIA== - -"@next/swc-linux-x64-musl@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.4.8.tgz#c5c64e18370f54f6474e58bb01b12594a4ecdde6" - integrity sha512-s45V7nfb5g7dbS7JK6XZDcapicVrMMvX2uYgOHP16QuKH/JA285oy6HcxlKqwUNaFY/UC6EvQ8QZUOo19cBKSA== - -"@next/swc-win32-arm64-msvc@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.4.8.tgz#722d18ed569bee9e4a6651acdc756f9633cbee1f" - integrity sha512-KjgeQyOAq7t/HzAJcWPGA8X+4WY03uSCZ2Ekk98S9OgCFsb6lfBE3dbUzUuEQAN2THbwYgFfxX2yFTCMm8Kehw== - -"@next/swc-win32-x64-msvc@15.4.8": - version "15.4.8" - resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.4.8.tgz#a29a53cd262ec5093b9ac24a5fd5e4540ec64eb4" - integrity sha512-Exsmf/+42fWVnLMaZHzshukTBxZrSwuuLKFvqhGHJ+mC1AokqieLY/XzAl3jc/CqhXLqLY3RRjkKJ9YnLPcRWg== -======= "@next/swc-darwin-arm64@15.1.9": version "15.1.9" resolved "https://registry.yarnpkg.com/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.1.9.tgz#7b95fc3b2cd5108b514c949c3bddb3a9b42a714e" @@ -1349,7 +1301,6 @@ version "15.1.9" resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.1.9.tgz#92044825d0f9e017d6a27ab69fc8c8f5ca9dc239" integrity sha512-SBB0oA4E2a0axUrUwLqXlLkSn+bRx9OWU6LheqmRrO53QEAJP7JquKh3kF0jRzmlYOWFZtQwyIWJMEJMtvvDcQ== ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc "@nodelib/fs.scandir@2.1.5": version "2.1.5" @@ -5950,14 +5901,6 @@ next-tick@^1.1.0: resolved "https://registry.npmjs.org/next-tick/-/next-tick-1.1.0.tgz" integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== -<<<<<<< HEAD -next@15.4.8: - version "15.4.8" - resolved "https://registry.yarnpkg.com/next/-/next-15.4.8.tgz#0f20a6cad613dc34547fa6519b2d09005ac370ca" - integrity sha512-jwOXTz/bo0Pvlf20FSb6VXVeWRssA2vbvq9SdrOPEg9x8E1B27C2rQtvriAn600o9hH61kjrVRexEffv3JybuA== - dependencies: - "@next/env" "15.4.8" -======= next@15.1.11: version "15.1.11" resolved "https://registry.yarnpkg.com/next/-/next-15.1.11.tgz#8a70a236e02d8dd62fb0569bedfd5e4290e7af55" @@ -5965,23 +5908,11 @@ next@15.1.11: dependencies: "@next/env" "15.1.11" "@swc/counter" "0.1.3" ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc "@swc/helpers" "0.5.15" caniuse-lite "^1.0.30001579" postcss "8.4.31" styled-jsx "5.1.6" optionalDependencies: -<<<<<<< HEAD - "@next/swc-darwin-arm64" "15.4.8" - "@next/swc-darwin-x64" "15.4.8" - "@next/swc-linux-arm64-gnu" "15.4.8" - "@next/swc-linux-arm64-musl" "15.4.8" - "@next/swc-linux-x64-gnu" "15.4.8" - "@next/swc-linux-x64-musl" "15.4.8" - "@next/swc-win32-arm64-msvc" "15.4.8" - "@next/swc-win32-x64-msvc" "15.4.8" - sharp "^0.34.3" -======= "@next/swc-darwin-arm64" "15.1.9" "@next/swc-darwin-x64" "15.1.9" "@next/swc-linux-arm64-gnu" "15.1.9" @@ -5991,7 +5922,6 @@ next@15.1.11: "@next/swc-win32-arm64-msvc" "15.1.9" "@next/swc-win32-x64-msvc" "15.1.9" sharp "^0.33.5" ->>>>>>> 2da4f7fbd90ddc09835c9f85d61fd5644a271abc nice-try@^1.0.4: version "1.0.5"