From 9f13d70b9fd16161788421dac0a3312b76679d8a Mon Sep 17 00:00:00 2001
From: Derek Bouius <derek.bouius@gmail.com>
Date: Wed, 1 Apr 2026 09:34:29 -0400
Subject: [PATCH] fix: bump next peerDependency minimum to ^15.5.7 for
 GHSA-9qr9-h5gf-34mp

Next.js versions >= 15.5.0-canary.0 and < 15.5.7 are vulnerable to RCE
via the React flight protocol. Raising the peerDependency floor to
^15.5.7 ensures consumers are not using affected versions.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index ddab8de..88d93b3 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
   "author": "Vectorize",
   "license": "MIT",
   "peerDependencies": {
-    "next": "^14.2.25 || ^15.2.3"
+    "next": "^14.2.25 || ^15.5.7"
   },
   "devDependencies": {
     "@types/node": "^20.0.0",