Railway wrongly flagged next CVE versions
kinshuk8
HOBBY OP
2 months ago
Railway wrongly flagged next@^15.2.8 version as vulnerable to the CVE. This version was actually a patched version. Upgrading next is a huge hassle right now for us.
Could you please unflag it so that we can deploy peacefully?
2 Replies
Railway
BOT
2 months ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
2 months ago
I would start by making sure that the CVE flag is not from a peer dependency.
I would try and update all your deps and see if that helps first. I saw someone else run into this, and it was because one of their other dependencies relied on a vulnerable version of next.js.
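
One way to run the check suggested in the last reply, as an added example that is not part of any post in this thread: list every copy of `next` recorded in a `package-lock.json` and every package that asks for it, since `^15.2.8` in `package.json` is only a range and a dependency can pull in its own nested copy. The lockfile fragment is constructed, the package names `example-cms-plugin` and `example-ui-kit` and the version `15.0.0` are made up, and it is an assumption that the flag is based on resolved versions.

```javascript
// Constructed package-lock.json (lockfileVersion 3) fragment, not from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { next: "^15.2.8", "example-cms-plugin": "^2.0.0" } },
    "node_modules/next": { version: "15.2.8" },
    "node_modules/example-cms-plugin": { version: "2.1.0", dependencies: { next: "15.0.0" } },
    "node_modules/example-cms-plugin/node_modules/next": { version: "15.0.0" },
    "node_modules/example-ui-kit": { version: "1.4.0", peerDependencies: { next: ">=14" } },
  },
};

const DEP_FIELDS = ["dependencies", "optionalDependencies", "peerDependencies"];

// Every installed copy of `name`, including copies nested under another package.
// Matching on the full "node_modules/<name>" suffix avoids hits like "@scope/next".
function installedCopies(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Every package (the root included) that declares `name`, with the range it requests.
function dependents(lock, name) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    for (const field of DEP_FIELDS) {
      const range = meta[field] && meta[field][name];
      if (range) out.push({ from: path || "(root)", field, range });
    }
  }
  return out;
}

// More than one installed copy means some dependency is pinning its own version.
console.log(installedCopies(sampleLock, "next"));
console.log(dependents(sampleLock, "next"));
```

On a real project, replace `sampleLock` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; `npm ls next` prints the same dependency paths from the installed tree.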