@bigcommerce/[email protected]

Patch Changes

• #2773 b475a36 Thanks @chanceaclark! - Catalyst has been upgraded to Next.js 15.5.9. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability.

  🔒 Security Update

  This upgrade addresses a security vulnerability (CVE-2025-55184 + CVE-2025-55183) that affects React Server Components. These vulnerabilities allow a Denial of Service attack and Source Code Exposure attach. This upgrade includes:

  • Next.js 15.5.9 with the security patch
  • React 19.1.4 and React DOM 19.1.4 with the security patch

  All users are strongly encouraged to upgrade immediately.

  Key Changes

  • ⚡ Next.js 15.5.9: Upgraded from Next.js 15.5.7 to 15.5.9
  • ⚛️ React 19: Upgraded to React 19.1.4 and React DOM 19.1.4

  Migration Guide

  Update Dependencies

  If you're maintaining a custom Catalyst store, update your package.json:

  {
    "dependencies": {
      "next": "15.5.9",
      "react": "19.1.4",
      "react-dom": "19.1.4"
    },
    "devDependencies": {
      "@next/bundle-analyzer": "15.5.9",
      "eslint-config-next": "15.5.9"
    }
  }

  Then run:

  pnpm install

@bigcommerce/[email protected]

Patch Changes

• #2764 83c5b75 Thanks @chanceaclark! - # Next.js 15.5.8 Upgrade

  Catalyst has been upgraded to Next.js 15.5.8. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability.

  🔒 Critical Security Update

  This upgrade addresses a critical security vulnerability (CVE-2025-55184 + CVE-2025-55183) that affects React Server Components. These vulnerabilities allow a Denial of Service attack and Source Code Exposure attach. This upgrade includes:

  • Next.js 15.5.8 with the security patch
  • React 19.1.3 and React DOM 19.1.3 with the security patch

  All users are strongly encouraged to upgrade immediately.

  Key Changes

  • ⚡ Next.js 15.5.8: Upgraded from Next.js 15.5.7 to 15.5.8
  • ⚛️ React 19: Upgraded to React 19.1.3 and React DOM 19.1.3

  Migration Guide

  Update Dependencies

  If you're maintaining a custom Catalyst store, update your package.json:

  {
    "dependencies": {
      "next": "15.5.8",
      "react": "19.1.3",
      "react-dom": "19.1.3"
    },
    "devDependencies": {
      "@next/bundle-analyzer": "15.5.8",
      "eslint-config-next": "15.5.8"
    }
  }

  Then run:

  pnpm install

@bigcommerce/[email protected]

Patch Changes

• #2775 442ae1b Thanks @bookernath! - Bump Next.js to 15.5.9 to address security vulnerability

@bigcommerce/[email protected]

Patch Changes

• #2762 7f3a184 Thanks @chanceaclark! - # Next.js 15.5.8 Upgrade

  Catalyst has been upgraded to Next.js 15.5.8. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability.

  🔒 Critical Security Update

  This upgrade addresses a critical security vulnerability (CVE-2025-55184 + CVE-2025-55183) that affects React Server Components. These vulnerabilities allow a Denial of Service attack and Source Code Exposure attach. This upgrade includes:

  • Next.js 15.5.8 with the security patch
  • React 19.1.3 and React DOM 19.1.3 with the security patch

  All users are strongly encouraged to upgrade immediately.

  Key Changes

  • ⚡ Next.js 15.5.8: Upgraded from Next.js 15.5.7 to 15.5.8
  • ⚛️ React 19: Upgraded to React 19.1.3 and React DOM 19.1.3

  Migration Guide

  Update Dependencies

  If you're maintaining a custom Catalyst store, update your package.json:

  {
    "dependencies": {
      "next": "15.5.8",
      "react": "19.1.3",
      "react-dom": "19.1.3"
    },
    "devDependencies": {
      "@next/bundle-analyzer": "15.5.8",
      "eslint-config-next": "15.5.8"
    }
  }

  Then run:

  pnpm install

@bigcommerce/[email protected]

Changelog

0.24.2

Patch Changes

• 8016f01 Thanks @bookernath! - Bump Next.js to latest version to address CVE

0.24.1

Patch Changes

• 632a645 Thanks @bookernath! - Add stub for generating Customer Login API tokens for SSO integrations

• 632a645 Thanks @bookernath! - Add /login/token endpoint to power Customer Login API

• #1816 6eb30ac Thanks @bc-svc-local! - Update translations.

0.24.0

Minor Changes

• #1749 cacdd22 Thanks @chanceaclark! - Change the rest of the auth pages to use toasts.

• #1746 0e34915 Thanks @chanceaclark! - Converts the change password messages over to using a toast. This should provide a better DX and UX.

• #1747 608b886 Thanks @chanceaclark! - Update the register customer page to use toasts for messaging.

• #1749 cacdd22 Thanks @chanceaclark! - Converts the reset password messages over to using a toast.

• #1749 cacdd22 Thanks @chanceaclark! - Remove the account state provider components

• #1749 cacdd22 Thanks @chanceaclark! - Converts the login messages over to using a toast.

• #1743 7c03428 Thanks @chanceaclark! - After login, redirect to orders page instead of an account overview page. This also removes the account overview page.

• #1741 5136fac Thanks @chanceaclark! - If a customer is already logged in, we want to redirect them back to their account pages if they are trying to hit one of the non-logged-in customer auth routes. The prevents any side effects that may occur trying to re-auth the client. This is done by providing a root layout.tsx page under the (auth) route group.

• #1749 cacdd22 Thanks @chanceaclark! - Converts the change/forgot password messages over to using a toast.

Patch Changes

• #1765 1c9b880 Thanks @bookernath! - Assign cart to customer as part of initial login mutation

• #1760 f6161c5 Thanks @bc-svc-local! - Update translations.

0.23.0

Minor Changes

• #1639 ae2c6cd Thanks @bc-alexsaiannyi! - Add orders for customer account. Now customer can open orders history or move to specific order details.

• #1729 d52affe Thanks @chanceaclark! - Removed ReCaptcha validation when you are logged in and making account changes. We have already validated a customer is human at the loggin screen.

• #1728 d7dbd7a Thanks @chanceaclark! - Convert the messages that were displayed when deleting an address over to using the toast functionality.

Patch Changes

• #1727 d3c6dbc Thanks @migueloller! - Ignore empty strings when parsing array URL search parameters in faceted search.

• #1730 ad8c86d Thanks @chanceaclark! - Fixes the inventory handling to handle some options being out of stock.

0.22.1

Patch Changes

• #1649 d38f164 Thanks @bc-alexsaiannyi! - improve account forms submit errors message

• #1651 1a222cb Thanks @bc-yevhenii-buliuk! - refresh the entire list of addresses after deleting an address

• #1722 1f0c2ef Thanks @chanceaclark! - Remove --turbo from pnpm dev as it has some issues with the latest dependency bump, along with others.

0.22.0

Minor Changes

• #1717 12fea79 Thanks @chanceaclark! - Add a check for variant stock levels on add to cart button

• #1674 512c338 Thanks @chanceaclark! - Uses the API responses to show better errors when adding a product to the cart.

• #1710 15edf31 Thanks @chanceaclark! - Rename BcImage to Image

• #1703 7b598ff Thanks @chanceaclark! - Adds localized data fetching withing the beforeRequest client helper. If information is translated (currently possible to update via the Admin GraphQL API) then we will return the translated product data. See https://developer.bigcommerce.com/docs/store-operations/catalog/graphql-admin/product-basic-info for more information on how to use overrides.

• #1710 15edf31 Thanks @chanceaclark! - Force usage of the <Image/> component. This component should fallback to using the default image loader if the url doesn't come from the BigCommerce CDN.

• #1672 ffefc61 Thanks @chanceaclark! - If a string is not provided in the selected locale, the translation system will fallback to "en" for that specific entry.

Patch Changes

• #1661 93d9984 Thanks @bookernath! - Remove webpack chunk plugin

• #1688 3267840 Thanks @thebigrick! - Added aria label for compare button

• #1617 c852961 Thanks @bc-yevhenii-buliuk! - UX improvements ...

@bigcommerce/[email protected]

Patch Changes

• #2755 2ce7545 Thanks @jorgemoya! - # Next.js 15.5.7 Upgrade

Catalyst has been upgraded to Next.js 15.5.7. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability.

🔒 Critical Security Update

This upgrade addresses a critical security vulnerability (CVE-2025-55182) that affects React Server Components. The vulnerability allowed unauthenticated remote code execution on servers running React Server Components. This upgrade includes:

• Next.js 15.5.7 with the security patch
• React 19.1.2 and React DOM 19.1.2 with the security patch

All users are strongly encouraged to upgrade immediately.

Key Changes

• ⚡ Next.js 15.5.7: Upgraded from Next.js 15.5.1-canary.4 to 15.5.7 (no more canary)
• ⚛️ React 19: Upgraded to React 19.1.2 and React DOM 19.1.2
• 🔄 Partial Prerendering (PPR) Removed: Removed partial prerendering as it's unsupported in non-canary versions of Next.js 15.

⚠️ Partial Prerendering (PPR) Removed

Important: PPR (Partial Prerendering) has been removed in this release as it's unsupported in non-canary versions of Next.js 15.

• The ppr experimental flag has been removed from next.config.ts
• Full support for Next.js 16's and it's new cache component patterns will be added in a future release
• This may result in different performance characteristics compared to the Next.js 15 + PPR setup

Migration Guide

Step 1: Update Dependencies

If you're maintaining a custom Catalyst store, update your package.json:

{
  "dependencies": {
    "next": "15.5.7",
    "react": "^19.1.2",
    "react-dom": "^19.1.2"
  }
}

Then run:

pnpm install

Step 2: Update next.config.ts

Remove or comment out PPR configuration:

// Remove or disable:
// experimental: {
//   ppr: 'incremental',
// }

Step 3: Remove export const experimental_ppr

Remove any references to export const experimental_ppr in your codebase as it is not being used anymore.

@bigcommerce/[email protected]

Patch Changes

• #2746 a0408ee Thanks @chanceaclark! - Pulls in changes from the @bigcommerce/[email protected] patch.

@bigcommerce/[email protected]

Patch Changes

• #2744 720fe17 Thanks @chanceaclark! - # Next.js 15.5.7 Upgrade

  Catalyst has been upgraded to Next.js 15.5.7. This is a patch version upgrade that requires migration steps for existing stores to fix a security vulnerability.

  🔒 Critical Security Update

  This upgrade addresses a critical security vulnerability (CVE-2025-55182) that affects React Server Components. The vulnerability allowed unauthenticated remote code execution on servers running React Server Components. This upgrade includes:

  • Next.js 15.5.7 with the security patch
  • React 19.1.2 and React DOM 19.1.2 with the security patch

  All users are strongly encouraged to upgrade immediately.

  Key Changes

  • ⚡ Next.js 15.5.7: Upgraded from Next.js 15.5.1-canary.4 to 15.5.7 (no more canary)
  • ⚛️ React 19: Upgraded to React 19.1.2 and React DOM 19.1.2
  • 🔄 Partial Prerendering (PPR) Removed: Removed partial prerendering as it's unsupported in non-canary versions of Next.js 15.

  ⚠️ Partial Prerendering (PPR) Removed

  Important: PPR (Partial Prerendering) has been removed in this release as it's unsupported in non-canary versions of Next.js 15.

  • The ppr experimental flag has been removed from next.config.ts
  • Full support for Next.js 16's and it's new cache component patterns will be added in a future release
  • This may result in different performance characteristics compared to the Next.js 15 + PPR setup

  Migration Guide

  Step 1: Update Dependencies

  If you're maintaining a custom Catalyst store, update your package.json:

  {
    "dependencies": {
      "next": "15.5.7",
      "react": "^19.1.2",
      "react-dom": "^19.1.2"
    },
    "devDependencies": {
      "@next/bundle-analyzer": "15.5.7",
      "eslint-config-next": "15.5.7"
    }
  }

  Then run:

  pnpm install

  Step 2: Update next.config.ts

  Remove or comment out PPR configuration:

  // Remove or disable:
  // experimental: {
  //   ppr: 'incremental',
  // }

  Remove or comment out eslint config

  // eslint: {
  //     ignoreDuringBuilds: !!process.env.CI,
  //     dirs: [
  //     'app',
  //     'auth',
  //     'build-config',
  //     'client',
  //     'components',
  //     'data-transformers',
  //     'i18n',
  //     'lib',
  //     'middlewares',
  //     'scripts',
  //     'tests',
  //     'vibes',
  //     ],
  // },

  Step 3: Remove export const experimental_ppr

  Remove any references to export const experimental_ppr in your codebase as it is not being used anymore.

@bigcommerce/[email protected]

Patch Changes

• #2736 05f40a2 Thanks @chanceaclark! - Enable Makeswift builder to work in different environments by adding apiOrigin and appOrigin props to ReactRuntimeProvider.

  Action required: Add the following environment variables:

  • NEXT_PUBLIC_MAKESWIFT_API_ORIGIN
  • NEXT_PUBLIC_MAKESWIFT_APP_ORIGIN

  Deprecation notice: MAKESWIFT_API_ORIGIN and MAKESWIFT_APP_ORIGIN are deprecated and will be removed in v1.4.0. Prefix MAKESWIFT_API_ORIGIN and MAKESWIFT_APP_ORIGIN with NEXT_PUBLIC_ to migrate.

@bigcommerce/[email protected]

Patch Changes

• #2723 dbafb31 Thanks @chanceaclark! - Noop release to account for typecheck issue.