From 79f69bf8610ea871801fce7e993733a847b12640 Mon Sep 17 00:00:00 2001
From: Chris Tate <ctate@users.noreply.github.com>
Date: Tue, 9 Dec 2025 15:34:30 -0600
Subject: [PATCH] fix: upgrade Next.js to 15.5.7 (CVE-2025-55182)

This upgrade fixes CVE-2025-55182, a React Server Components RCE vulnerability.
---
 apps/components/package.json | 2 +-
 apps/web/package.json        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/components/package.json b/apps/components/package.json
index 28ddc7c..bb130aa 100644
--- a/apps/components/package.json
+++ b/apps/components/package.json
@@ -12,7 +12,7 @@
     "@radix-ui/react-slot": "^1.2.4",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
-    "next": "catalog:",
+    "next": "15.5.7",
     "react": "catalog:",
     "react-dom": "catalog:",
     "remote-components": "catalog:",
diff --git a/apps/web/package.json b/apps/web/package.json
index c65ca03..7e3e400 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -15,7 +15,7 @@
     "@mdx-js/react": "^3.1.1",
     "@next/mdx": "^16.0.3",
     "canvas-confetti": "^1.9.3",
-    "next": "catalog:",
+    "next": "15.5.7",
     "next-mdx-remote": "^5.0.0",
     "react": "catalog:",
     "react-dom": "catalog:",