From 92d6715aeaa6a44ed44c8dead1caaaa6446178a6 Mon Sep 17 00:00:00 2001
From: "Ehsan.Asadi" <ehsan.asadi@zoodfood.com>
Date: Tue, 30 Dec 2025 15:32:15 +0330
Subject: [PATCH] security: fix CVE-2025-55182 + update dependencies (security)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Upgrade reflex 0.4.0 → 0.8.24.post1 to mitigate React Server Components RCE vulnerability (CVE-2025-55182, CVSS 10.0)
- Fix python-ovh package name: python-ovh → ovh (1.2.0) for Python 3.11 compatibility
- Refs: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

ApprovalToken: ۲
---
 requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index e772424..43e518f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,7 @@
 # ============================================
 # Core Framework
 # ============================================
-reflex==0.4.0
+reflex==0.8.24.post1  # Updated for security (CVE-2025-55182)
 
 # ============================================
 # Database & ORM
@@ -43,7 +43,7 @@ cryptography==41.0.7
 # ============================================
 python-digitalocean==1.17.0
 hcloud==1.33.2
-python-ovh==1.1.0
+ovh==1.2.0  # Correct package name (not python-ovh)
 
 # ============================================
 # Payment Gateways