Chore: React, SDS upgrade for CVE-2025-66478 and CVE-2025-55182 (#390)

quietbits · web-flow · commit 3d5fc31d9ad7 · 2025-12-03T14:06:35.000-08:00
### What Update React to 19.2.1 Update SDS to 3.2.6 ### Why * CVE-2025-66478 * CVE-2025-55182
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Fix message when adding unknown trustline [#388](https://github.com/stellar/stellar-disbursement-platform-frontend/pull/388)
 
 ### Security and Dependencies
+- Upgrade React to 19.2.1 to address CVE-2025-66478 and CVE-2025-55182 [#390](https://github.com/stellar/stellar-disbursement-platform-backend/pull/390)
 - Bump the minor-and-patch group across 1 directory with 30 updates. [#386](https://github.com/stellar/stellar-disbursement-platform-frontend/pull/386)
 - Bump the all-actions group across 1 directory with 4 updates. [#383](https://github.com/stellar/stellar-disbursement-platform-frontend/pull/383)
 - Bump js-yaml from 4.1.0 to 4.1.1. [#381](https://github.com/stellar/stellar-disbursement-platform-frontend/pull/381)
diff --git a/package.json b/package.json
@@ -13,7 +13,7 @@
   "private": true,
   "dependencies": {
     "@reduxjs/toolkit": "^2.11.0",
-    "@stellar/design-system": "^3.1.4",
+    "@stellar/design-system": "^3.2.6",
     "@tanstack/react-query": "^5.90.11",
     "@tanstack/react-query-devtools": "^5.91.1",
     "assert": "^2.1.0",
@@ -30,8 +30,8 @@
     "path-browserify": "^1.0.1",
     "pbkdf2": "3.1.5",
     "process": "^0.11.10",
-    "react": "^19.2.0",
-    "react-dom": "^19.2.0",
+    "react": "^19.2.1",
+    "react-dom": "^19.2.1",
     "react-google-recaptcha": "^3.1.0",
     "react-redux": "^9.2.0",
     "react-router-dom": "^7.9.6",
diff --git a/yarn.lock b/yarn.lock
@@ -419,10 +419,10 @@
   dependencies:
     "@floating-ui/utils" "^0.2.10"
 
-"@floating-ui/dom@^1.6.13":
-  version "1.7.3"
-  resolved "https://registry.yarnpkg.com/@floating-ui/dom/-/dom-1.7.3.tgz#6174ac3409e6a064bbdf1f4bb07188ee9461f8cf"
-  integrity sha512-uZA413QEpNuhtb3/iIKoYMSK07keHPYeXF02Zhd6e213j+d1NamLix/mCLxBUDW/Gx52sPH2m+chlUsyaBs/Ag==
+"@floating-ui/dom@^1.7.4":
+  version "1.7.4"
+  resolved "https://registry.yarnpkg.com/@floating-ui/dom/-/dom-1.7.4.tgz#ee667549998745c9c3e3e84683b909c31d6c9a77"
+  integrity sha512-OOchDgh4F2CchOX94cRVqhvy7b3AFb+/rQXyswmzmGakRfkMgoWVjfnLWkRirfLEfuD4ysVW16eXzwt3jHIzKA==
   dependencies:
     "@floating-ui/core" "^1.7.3"
     "@floating-ui/utils" "^0.2.10"
@@ -790,15 +790,15 @@
   resolved "https://registry.yarnpkg.com/@standard-schema/utils/-/utils-0.3.0.tgz#3d5e608f16c2390c10528e98e59aef6bf73cae7b"
   integrity sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g==
 
-"@stellar/design-system@^3.1.4":
-  version "3.1.4"
-  resolved "https://registry.yarnpkg.com/@stellar/design-system/-/design-system-3.1.4.tgz#4857060f8b4dd5b98b5d63cb88b56fc80394649d"
-  integrity sha512-eRG2Fy0iRCC+DgsBuRMPc0h0R4dhb8E5zP0qL7T/B/GO8j/V1YlGKnUlte84skwr51BRJnvjFmBf9a2ve/k6dw==
+"@stellar/design-system@^3.2.6":
+  version "3.2.6"
+  resolved "https://registry.yarnpkg.com/@stellar/design-system/-/design-system-3.2.6.tgz#6be9094735180e968ebf1362075dca86af629b1b"
+  integrity sha512-A2RCUT1K0HC+H19mcKannP0LeAXWjdJWz/o0Gcwr/PmOaBLTDYKBYybCF+0k0LcLXApsKO3qgdbRv1IkhIPcLg==
   dependencies:
-    "@floating-ui/dom" "^1.6.13"
-    bignumber.js "^9.1.2"
+    "@floating-ui/dom" "^1.7.4"
+    bignumber.js "^9.3.1"
     lodash "^4.17.21"
-    react-copy-to-clipboard "^5.1.0"
+    react-copy-to-clipboard-ts "^1.3.0"
     tslib "^2.8.1"
 
 "@stellar/tsconfig@^1.0.2":
@@ -1561,11 +1561,6 @@ base64-js@^1.3.1:
   resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a"
   integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==
 
-bignumber.js@^9.1.2:
-  version "9.1.2"
-  resolved "https://registry.yarnpkg.com/bignumber.js/-/bignumber.js-9.1.2.tgz#b7c4242259c008903b13707983b5f4bbd31eda0c"
-  integrity sha512-2/mKyZH9K85bzOEfhXDBFZTGd1CTs+5IHpeFQo9luiBG7hghdC851Pj2WAhb6E3R6b9tZj/XKhbg4fum+Kepug==
-
 bignumber.js@^9.3.1:
   version "9.3.1"
   resolved "https://registry.yarnpkg.com/bignumber.js/-/bignumber.js-9.3.1.tgz#759c5aaddf2ffdc4f154f7b493e1c8770f88c4d7"
@@ -1897,7 +1892,7 @@ cookie@^1.0.1:
   resolved "https://registry.yarnpkg.com/cookie/-/cookie-1.0.2.tgz#27360701532116bd3f1f9416929d176afe1e4610"
   integrity sha512-9Kr/j4O16ISv8zBBhJoi4bXOYNTkFLOqSL3UDB0njXxCXNezjeyVrJyGOWtgfs/q2km1gwBcfH8q1yEGoMYunA==
 
-copy-to-clipboard@^3.3.1:
+copy-to-clipboard@^3.3.3:
   version "3.3.3"
   resolved "https://registry.yarnpkg.com/copy-to-clipboard/-/copy-to-clipboard-3.3.3.tgz#55ac43a1db8ae639a4bd99511c148cdd1b83a1b0"
   integrity sha512-2KV8NhB5JqC3ky0r9PMCAZKbUHSwtEo4CwCs0KXgruG43gX5PMqDEBbVU4OUzw2MuAWUfsuFmWvEKG5QRfSnJA==
@@ -4177,18 +4172,17 @@ react-async-script@^1.2.0:
     hoist-non-react-statics "^3.3.0"
     prop-types "^15.5.0"
 
-react-copy-to-clipboard@^5.1.0:
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/react-copy-to-clipboard/-/react-copy-to-clipboard-5.1.0.tgz#09aae5ec4c62750ccb2e6421a58725eabc41255c"
-  integrity sha512-k61RsNgAayIJNoy9yDsYzDe/yAZAzEbEgcz3DZMhF686LEyukcE1hzurxe85JandPUG+yTfGVFzuEw3xt8WP/A==
+react-copy-to-clipboard-ts@^1.3.0:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/react-copy-to-clipboard-ts/-/react-copy-to-clipboard-ts-1.3.0.tgz#e44a81026af14c9b1aaddd1c93c79a4fbe140d0c"
+  integrity sha512-3z+WgPH5lT84m2ayucrPU3z/gRfWn+ADq/HTPWZqSq4iZNRiUBhpg78jDLIjtrDtgOH7iaGr5PXUbdnr3TQ3tg==
   dependencies:
-    copy-to-clipboard "^3.3.1"
-    prop-types "^15.8.1"
+    copy-to-clipboard "^3.3.3"
 
-react-dom@^19.2.0:
-  version "19.2.0"
-  resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-19.2.0.tgz#00ed1e959c365e9a9d48f8918377465466ec3af8"
-  integrity sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==
+react-dom@^19.2.1:
+  version "19.2.1"
+  resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-19.2.1.tgz#ce3527560bda4f997e47d10dab754825b3061f59"
+  integrity sha512-ibrK8llX2a4eOskq1mXKu/TGZj9qzomO+sNfO98M6d9zIPOEhlBkMkBUBLd1vgS0gQsLDBzA+8jJBVXDnfHmJg==
   dependencies:
     scheduler "^0.27.0"
 
@@ -4233,10 +4227,10 @@ react-router@7.9.6:
     cookie "^1.0.1"
     set-cookie-parser "^2.6.0"
 
-react@^19.2.0:
-  version "19.2.0"
-  resolved "https://registry.yarnpkg.com/react/-/react-19.2.0.tgz#d33dd1721698f4376ae57a54098cb47fc75d93a5"
-  integrity sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==
+react@^19.2.1:
+  version "19.2.1"
+  resolved "https://registry.yarnpkg.com/react/-/react-19.2.1.tgz#8600fa205e58e2e807f6ef431c9f6492591a2700"
+  integrity sha512-DGrYcCWK7tvYMnWh79yrPHt+vdx9tY+1gPZa7nJQtO/p8bLTDaHp4dzwEhQB7pZ4Xe3ok4XKuEPrVuc+wlpkmw==
 
 readable-stream@^2.3.8:
   version "2.3.8"
