Fix React Server Components CVE vulnerabilities #1
Draft
vercel[bot] wants to merge 132 commits into main from
…pp with new screens and features. Added SafeAreaProvider for better layout handling, integrated task scheduling for notifications, and improved theme support across various screens. Updated dependencies in package.json and package-lock.json for better compatibility.

…, enhance subscription management, and improve product recommendation logic. Added new screens and features in the mobile app, including content detail navigation and routine customization options. Updated environment configurations and documentation for consistency across platforms.

… and enhance analysis limit handling. Improved documentation for subscription management and updated environment configurations. Added Sentry integration for error tracking in the mobile app and refined API URL handling across various components.

…uction readiness
- Deployed to Vercel production
- Fixed TypeScript errors and Suspense boundaries
- Fixed onboarding navigation bug (realtime/polling conflict)
- Added production readiness documentation
- Updated admin pages with improved UI
- Added missing imports and type fixes
- Prepared for App Store submission

- Removed .env and .env*.local from .gitignore
- Added web/.env.local to repository
- mobile/.env already tracked

…nd improve task completion logic
- Updated EXPO_PUBLIC_APP_URL in mobile/.env.local for better network access during development.
- Incremented app version in mobile/app.json to 1.0.1.
- Enhanced task completion logic in mobile/lib/routines/habits.ts with improved error handling and logging.
- Updated API URL handling in mobile/lib/utils/apiUrl.ts to accommodate different environments and ensure proper fallback mechanisms.
- Refactored subscription check logic in mobile/screens/RoutinesScreen.tsx for better user experience and error management.
- Updated dependencies in package.json and package-lock.json for compatibility and performance improvements.
- Added new logging statements for better debugging and tracking of task completion status.

…ime errors, API URLs, and environment configuration

- Update webhook handler to recognize 'Smile Score Pro' entitlement identifier
- Update sync route to match RevenueCat entitlement naming
- Update mobile client to check for 'Smile Score Pro' entitlement
- Add improved logging for entitlement matching and debugging
- Maintain backward compatibility with 'pro' identifier

…ers, improve header detection

…p and enhance authentication flow in web app
Add functionality to handle universal/app links in the mobile app for restoring Supabase sessions after email confirmation. Update the web app's authentication callback to include fallback URL handling and improved redirection logic based on session state. This ensures a smoother user experience during the authentication process.

…tion page
- Removed the Pricing tab from the mobile app's main navigation.
- Eliminated the deep link handling logic for Supabase session tokens in the mobile app.
- Updated the loading screen to adapt background color based on the current color scheme.
- Removed the AppAuthConfirmPage from the web app as it is no longer needed.
- Simplified the authentication callback logic in the web app to redirect based on the presence of a code.

- Added deep link handling to manage Supabase session tokens upon email confirmation in the mobile app.
- Updated the mobile app configuration to include a custom URL scheme.
- Modified the authentication context to utilize a dynamic email redirect URL.
- Adjusted the web app's authentication callback to redirect to the '/app' route by default.

- Implemented referral code processing in the mobile app's deep link handling, allowing for storage and retrieval of referral codes.
- Updated the PricingScreen to check for referral codes from both navigation parameters and stored values, ensuring proper attribution during package purchases.
- Improved referral tracking in the web app by adding a callback mechanism for successful tracking, enabling redirection after tracking completion.
- Refactored referral tracking utility to accept an optional success callback for better control over post-tracking actions.

Updated dependencies to fix Next.js and React CVE vulnerabilities.
The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.
Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
Important
This is an automatic PR generated by Vercel to help you with patching efforts. We can't guarantee it's comprehensive, and it may contain mistakes. Please review our guidance before merging these changes.
A critical remote code execution (RCE) vulnerability in React Server Components, impacting frameworks such as Next.js, was identified in the project smilescoreweb. The vulnerability enables unauthenticated RCE on the server via insecure deserialization in the React Flight protocol.
This issue is tracked under:
This automated pull request upgrades the affected React and Next.js packages to patched versions that fully remediate the issue.
More Info | security@vercel.com
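
A check a reviewer could run before merging, given as an added example that is not part of this PR or of Vercel's tooling: it audits parsed package.json manifests for the four packages named in the commit message and compares each declared version with a patched version for the same release line. The function names, manifest paths and all version numbers below are constructed; the real patched versions must be taken from the React advisory.

```javascript
// Added example, not part of the PR. Package names come from the commit message above.
const WATCHED = ["next", "react-server-dom-webpack",
                 "react-server-dom-parcel", "react-server-dom-turbopack"];

// "^90.1.2" / "~90.1.2" / "90.1.2" -> [90, 1, 2]; tags, ranges and objects -> null
function parseVersion(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? m.slice(1).map(Number) : null;
}

// patchedList holds one patched version per release line (same major.minor).
function classify(spec, patchedList) {
  const declared = parseVersion(spec);
  if (!declared) return "review";            // cannot be judged from the manifest alone
  const floor = (patchedList || []).map(parseVersion)
    .find((f) => f && f[0] === declared[0] && f[1] === declared[1]);
  if (!floor) return "review";               // no patched version supplied for this line
  // The declared lower bound is what the range still admits if the lockfile is regenerated.
  return declared[2] < floor[2] ? "below-floor" : "ok";
}

// manifests: { "<path>": parsed package.json }, floors: { "<package>": ["x.y.z", ...] }
function auditManifests(manifests, floors) {
  const findings = [];
  for (const [path, manifest] of Object.entries(manifests)) {
    for (const section of ["dependencies", "devDependencies", "overrides"]) {
      for (const name of WATCHED) {
        const spec = manifest[section]?.[name];
        if (spec === undefined) continue;
        findings.push({ path, section, name, spec, status: classify(spec, floors[name]) });
      }
    }
  }
  return findings;
}

// Constructed sample input: made-up versions, NOT the advisory's fixed versions.
const SAMPLE_FLOORS = { next: ["90.1.4", "91.0.2"], "react-server-dom-webpack": ["70.2.1"] };
const SAMPLE_MANIFESTS = {
  "app-a/package.json": { dependencies: { next: "^90.1.4", "react-server-dom-webpack": "70.2.0" } },
  "app-b/package.json": { dependencies: { next: "91.0.1" },
                          devDependencies: { "react-server-dom-parcel": "latest" } },
};

console.log(auditManifests(SAMPLE_MANIFESTS, SAMPLE_FLOORS));
```

The manifest shows only the declared range; the lockfile records what is actually installed, so the resolved version there still needs checking even for an "ok" result.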