Skip to content

Update radix-ui to 1.4.3 and patch React/Next.js security vulnerabilities #263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 3 commits into
base: depfu/update/npm/radix-ui-1.4.3
Choose a base branch
from
Draft

Update radix-ui to 1.4.3 and patch React/Next.js security vulnerabilities #263

Copilot wants to merge 3 commits into from

Conversation

Copy link

Copilot AI commented Dec 4, 2025
edited
Loading

Addresses critical security vulnerabilities CVE-2025-55182 (React Server Components) and CVE-2025-66478 (Next.js) by updating to patched versions, alongside radix-ui dependency updates.

Security Updates

  • React: 18.3.1 → 19.2.1 (CVE-2025-55182)
  • React-DOM: 18.3.1 → 19.2.1
  • Next.js: 15.2.4 → 15.5.7 (CVE-2025-66478)
  • Type definitions: Updated to ^19.2.0 for compatibility

Radix UI Updates

  • radix-ui: 1.0.1 → 1.4.3
  • Component packages: Updated to latest stable versions (hover-card, label, navigation-menu, radio-group, slider, tooltip)
  • New packages: Added form, menubar, one-time-password-field, password-toggle-field, use-is-hydrated
  • Dependency consolidation: Removed duplicate internal packages now bundled in updated components

Security advisory scan confirms no vulnerabilities in updated dependencies.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI mentioned this pull request Dec 4, 2025
Open
@changeset-bot
Copy link

changeset-bot bot commented Dec 4, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: f59758f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link
Contributor

vercel bot commented Dec 4, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
mindect Error Error Dec 4, 2025 11:20am

@Gitstar-OC
Update React to 19.2.1 and Next.js to 15.5.7 for CVE fixes
1cc9ed5 
Co-authored-by: Gitstar-OC <152989429+Gitstar-OC@users.noreply.github.com>
@Gitstar-OC
Update React type definitions to ^19.2.0 for better compatibility
f59758f 
Co-authored-by: Gitstar-OC <152989429+Gitstar-OC@users.noreply.github.com>
Copy link
Author

Copilot AI commented Dec 4, 2025

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • fonts.googleapis.com
    • Triggering command: /usr/local/bin/node node /home/REDACTED/work/Mindect/Mindect/node_modules/.bin/next build (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title [WIP] Update radix-ui to version 1.4.3 Update radix-ui to 1.4.3 and patch React/Next.js security vulnerabilities Dec 4, 2025
Copilot AI requested a review from Gitstar-OC December 4, 2025 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Gitstar-OC Gitstar-OC Awaiting requested review from Gitstar-OC

Assignees

@Gitstar-OC Gitstar-OC

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gitstar-OC