d29bb06cd4
> [!IMPORTANT] > This is an automatic PR generated by Vercel to help you patch known vulnerabilities related to CVE-2025-55182 (React2Shell), CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779. We can't guarantee the PR is comprehensive, and it may contain mistakes. Not all projects are affected by all issues, but **patched versions are required to ensure full remediation**. Vercel has deployed WAF mitigations globally to help protect your application, but upgrading remains required for complete protection. This automated pull request updates your React, Next.js, and related Server Components packages to versions that fix **all currently known React Server Components vulnerabilities**, including the two newly discovered issues. See our [Security Bulletins](https://vercel.com/kb/bulletin/) for more information and reach out to security@vercel.com with any questions. Fixes VULN-3312 --------- Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com> Co-authored-by: Anthony Shew <anthonyshew@gmail.com> |
||
|---|---|---|
| .. | ||
| .changeset | ||
| .github/workflows | ||
| apps/docs | ||
| packages | ||
| .gitignore | ||
| .npmrc | ||
| meta.json | ||
| package.json | ||
| pnpm-lock.yaml | ||
| pnpm-workspace.yaml | ||
| README.md | ||
| turbo.json | ||
Turborepo Design System starter with Changesets
This is a community-maintained example. If you experience a problem, please submit a pull request with a fix. GitHub Issues will be closed.
Using this example
Run the following command:
npx create-turbo@latest -e with-changesets
What's inside?
This Turborepo includes the following:
Apps and Packages
@acme/docs: A placeholder documentation site powered by Next.js@acme/core: core React components@acme/utils: shared React utilities@acme/tsconfig: sharedtsconfig.jsons used throughout the monorepo@acme/eslint-config: ESLint preset
Each package and app is 100% TypeScript.
Utilities
This Turborepo has some additional tools already setup for you:
- TypeScript for static type checking
- ESLint for code linting
- Prettier for code formatting
Useful commands
yarn build- Build all packages and the docs siteyarn dev- Develop all packages and the docs siteyarn lint- Lint all packagesyarn changeset- Generate a changesetyarn clean- Clean up allnode_modulesanddistfolders (runs each package's clean script)
Changing the npm organization scope
The npm organization scope for this design system starter is @acme. To change this, it's a bit manual at the moment, but you'll need to do the following:
- Rename folders in
packages/*to replaceacmewith your desired scope - Search and replace
acmewith your desired scope - Re-run
yarn install
Versioning and Publishing packages
Package publishing has been configured using Changesets. Please review their documentation to familiarize yourself with the workflow.
This example comes with automated npm releases setup in a GitHub Action. To get this working, you will need to create an NPM_TOKEN and GITHUB_TOKEN in your repository settings. You should also install the Changesets bot on your GitHub repository as well.
For more information about this automation, refer to the official changesets documentation
npm
If you want to publish package to the public npm registry and make them publicly available, this is already setup.
To publish packages to a private npm organization scope, remove the following from each of the package.json's
- "publishConfig": {
- "access": "public"
- },