If you've ever logged into your Vercel dashboard and seen a red warning that says "Action Required - Take action to secure your project from critical vulnerabilities", you're not alone. It can look scary, especially if you're not sure what it means or what to do next.
The good news? It's not as complicated as it sounds, and Vercel actually does most of the heavy lifting for you.
In simple terms, a vulnerability is like a unlocked back door in your app that hackers could potentially walk through. In this case, the issue is with React Server Components, a feature used in modern Next.js apps. A security flaw was discovered in it, and your project needs to be updated to close that door.
This guide will walk you through the alternative steps you need to take to fix it.
1 Go to the repository on GitHub and click Pull requests.
2 Open the available security pull request, “Fix React Server CVE vulnerabilities.”
3 Scroll down to the Checks section of the pull request and click the "Ready for review" button. Wait for GitHub to run the checks
4 Once all checks pass, the Merge pull request button will become clickable. Click Merge pull request.
5 Click Confirm merge.
Vercel will automatically redeploy your project. If automatic redeploy fails, go to vercel and do it manually.
Top comments (0)