Skip to content

[internal] Bump Next.js & React version to avoid security vulnerability #47427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ZeeshanTamboli merged 2 commits into from
Dec 9, 2025
Merged

[internal] Bump Next.js & React version to avoid security vulnerability #47427

ZeeshanTamboli merged 2 commits into from
Dec 9, 2025

Conversation

@oliviertassinari
Copy link
Member

@oliviertassinari oliviertassinari commented Dec 6, 2025
edited
Loading

https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components. I saw this from mui/mui-x#20555.

Off-topic: cc devex (@alelthomas @mapache-salvaje) Next.js v16 was released 6+ weeks ago. We need to update the examples,

material-ui/examples/material-ui-nextjs-ts/package.json

Line 18 in 62a110d

"next": "^15.0.0",

Either "latest" or v16. Can we do it? Thanks

@oliviertassinari oliviertassinari added security Pull requests that address a security vulnerability. examples Relating to /examples. labels Dec 6, 2025
@oliviertassinari oliviertassinari changed the title [examples] Bump next.js verion to avoid security vulnerability [internal] Bump Next.js & React version to avoid security vulnerability Dec 6, 2025
@oliviertassinari oliviertassinari force-pushed the increase-range-security-next branch from 5bc8bdd to 3deda1b Compare December 6, 2025 23:11
@mui-bot
Copy link

mui-bot commented Dec 6, 2025
edited
Loading

Netlify deploy preview

https://deploy-preview-47427--material-ui.netlify.app/

Bundle size report

Bundle Parsed size Gzip size
@mui/material 0B(0.00%) 0B(0.00%)
@mui/lab 0B(0.00%) 0B(0.00%)
@mui/system 0B(0.00%) 0B(0.00%)
@mui/utils 0B(0.00%) 0B(0.00%)

Details of bundle changes

Generated by 🚫 dangerJS against 25fa267

@oliviertassinari oliviertassinari added internal Behind-the-scenes enhancement. Formerly called “core”. type: enhancement It’s an improvement, but we can’t make up our mind whether it's a bug fix or a new feature. and removed examples Relating to /examples. labels Dec 6, 2025
@ZeeshanTamboli
Copy link
Member

ZeeshanTamboli commented Dec 9, 2025

The Material UI devDependencies which has react and react-dom and depedencies which has react-is will be upgraded in #47436.

@ZeeshanTamboli ZeeshanTamboli enabled auto-merge (squash) December 9, 2025 14:02
@ZeeshanTamboli ZeeshanTamboli merged commit faa64af into mui:master Dec 9, 2025
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZeeshanTamboli ZeeshanTamboli ZeeshanTamboli approved these changes

Assignees

No one assigned

Labels

internal Behind-the-scenes enhancement. Formerly called “core”. security Pull requests that address a security vulnerability. type: enhancement It’s an improvement, but we can’t make up our mind whether it's a bug fix or a new feature.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@oliviertassinari @mui-bot @ZeeshanTamboli