Catalyst version 1.3.6 Release Notes

Catalyst v1.3.6 release addresses a security vulnerability (CVE-2025-55184, CVE-2025-55183) that affects React Server Components.

Key Changes

• Next.js 15.5.8: Upgraded from Next.js 15.5.7 to 15.5.8
• React 19: Upgraded to React 19.1.3 and React DOM 19.1.3

Migration Guide

{
	"dependencies": {
		"next": "15.5.8",
		"react": "19.1.3",
		"react-dom": "19.1.3"
	},
	"devDependencies": {
		"@next/bundle-analyzer": "15.5.8",
		"eslint-config-next": "15.5.8"
	}
}

pnpm install

Release Tags

We have published new tags for the Core and Makeswift versions of Catalyst. Target these tags to pull the latest code:

• @bigcommerce/catalyst-core@1.3.6
• @bigcommerce/catalyst-makeswift@1.3.7

And as always, you can pull the latest stable release with these tags:

• @bigcommerce/catalyst-core@latest
• @bigcommerce/catalyst-makeswift@latest