CVE fix `npm i next@15.5.7` doesn't change the React version (19.0.0). Is this fine? npm audit is ok
Unanswered
Champagne D’Argent posted this in #help-forum
Champagne D’Argent (OP)
Hey! I ran the fix for the CVE,
`npm i next@15.5.7`
And next did get updated, and the npm audit got resolved, but the react version is still 19.0.0. Nothing else has changed in the package.json file but the next version.
6 Replies
Besides the react version, next has its own compiled react version
Also in 15.5.7, I found that it includes the 19.2.0 canary series of react, and react-*
@LucetTin5 Besides the react version, next has its own compiled react version
Also in 15.5.7, I found that it includes the 19.2.0 canary series of react, and react-*
Champagne D’Argent (OP)
For me it's just 19.0.0 for react + react dom
I found them inside node_modules/next/dist/compiled/react/cjs/???.js (don't remember which file)
maybe file with `exports.version =`
@LucetTin5 Besides the react version, next has its own compiled react version
Also in 15.5.7, I found that it includes the 19.2.0 canary series of react, and react-*
Nile tilapia
Same in 15.3.6: it's a canary of 19.2 even if we specified 19.0.1 for the react version
I looked into that difference because I found sentry's react version was 19.2-canary-x. At that time I had installed react 19.1. "Why is my react version different from what I installed?"
Then I found that the app router uses a compiled react canary version. I don't know why and what feature is needed.
Nile tilapia
So I guess we are fine and the compiled version is fixed