fix: React Server Components拒绝服务漏洞 (CVE-2025-55184) 和 CVE-2025-54880

docker/docker-compose.dify-plus.yaml

@@ -710,7 +710,7 @@ services:
 
   # Frontend web application.
   web:
-    image: ccr.ccs.tencentyun.com/yfgaia/dify-plus-web:1.8.1.fix.2
+    image: ccr.ccs.tencentyun.com/yfgaia/dify-plus-web:1.8.1.fix.3
     restart: always
     environment:
       CONSOLE_API_URL: ${CONSOLE_API_URL:-}

web/package.json

@@ -101,19 +101,19 @@
     "lexical": "^0.30.0",
     "line-clamp": "^1.0.0",
     "lodash-es": "^4.17.21",
-    "mermaid": "11.4.1",
+    "mermaid": "11.10.0",
     "mime": "^4.0.4",
     "mitt": "^3.0.1",
     "negotiator": "^0.6.3",
-    "next": "~15.5.7",
+    "next": "~15.5.9",
     "next-themes": "^0.4.3",
     "papaparse": "^5.5.3",
     "pinyin-pro": "^3.25.0",
     "qrcode.react": "^4.2.0",
     "qs": "^6.13.0",
-    "react": "19.2.1",
+    "react": "19.2.3",
     "react-18-input-autosize": "^3.0.0",
-    "react-dom": "19.2.1",
+    "react-dom": "19.2.3",
     "react-easy-crop": "^5.1.0",
     "react-error-boundary": "^4.1.2",
     "react-headless-pagination": "^1.1.6",
@@ -164,9 +164,9 @@
     "@happy-dom/jest-environment": "^17.4.4",
     "@mdx-js/loader": "^3.1.0",
     "@mdx-js/react": "^3.1.0",
-    "@next/bundle-analyzer": "15.5.7",
-    "@next/eslint-plugin-next": "15.5.7",
-    "@next/mdx": "15.5.7",
+    "@next/bundle-analyzer": "15.5.9",
+    "@next/eslint-plugin-next": "15.5.9",
+    "@next/mdx": "15.5.9",
     "@rgrove/parse-xml": "^4.1.0",
     "@storybook/addon-essentials": "8.5.0",
     "@storybook/addon-interactions": "8.5.0",