Skip to content

Security Update: Upgrade Next.js and React to fix critical vulnerabilities (CVE-2025-66478, CVE-2025-55182) #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mashharuki wants to merge 3 commits into
base: master
Choose a base branch
from

fix: downgrade tailwindcss and @coinbase/cdp-sdk to pass cooldown check

b3bd865
Select commit
Loading
Failed to load commit list.
Open

Security Update: Upgrade Next.js and React to fix critical vulnerabilities (CVE-2025-66478, CVE-2025-55182) #93

fix: downgrade tailwindcss and @coinbase/cdp-sdk to pass cooldown check
b3bd865
Select commit
Loading
Failed to load commit list.
StepSecurity Actions Security / StepSecurity Required Checks succeeded Dec 11, 2025 in 6s

StepSecurity Required Checks

Finished StepSecurity Required Checks

  • NPM Package Cooldown Check - Fails if any package version in the PR was released within the configured cooldown period, helping to avoid brand-new (and potentially unreviewed or malicious) releases
  • NPM Compromised Packages Check - Checks for compromised npm package versions in the PR

Details

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 294 packages)

Package Name Previous Version Current Version file Current Version Release Date
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@coinbase/cdp-sdk 1.39.0 package.json 2025-12-04T16:48:30Z
⏲️ History

Previous invocation results of same check:

✅ NPM Compromised Packages Check

No Compromised npm packages are added in current PR.

✅ NPM Package Cooldown Check

No npm package upgrades to recent releases found in current PR.

The following npm packages are inspected in current PR (showing first 50 of 294 packages)

Package Name Previous Version Current Version file Current Version Release Date
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
hono 4.10.7 4.10.8 package-lock.json 2025-12-09T08:26:43Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
caniuse-lite 1.0.30001759 1.0.30001760 package-lock.json 2025-12-09T04:53:47Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/eslint-plugin 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:45Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:26Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/scope-manager 8.46.1 8.49.0 package-lock.json 2025-12-08T17:06:20Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/types 8.48.1 8.49.0 package-lock.json 2025-12-08T17:06:00Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@typescript-eslint/tsconfig-utils 8.48.1 8.49.0 package-lock.json 2025-12-08T17:05:59Z
@coinbase/cdp-sdk 1.39.0 package.json 2025-12-04T16:48:30Z
⏲️ History

Previous invocation results of same check:

View more details on StepSecurity Actions Security