storybook-state icon indicating copy to clipboard operation
storybook-state copied to clipboard

Published 20 hours ago verified publisher icon Sambego

[Snyk] Security upgrade @storybook/react from 5.3.14 to 6.4.13

Open Sambego opened this issue 3 years ago • 0 comments
trafficstars

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LOADERUTILS-3105943		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @storybook/react The new version differs by 250 commits.
  • d0c1e8a v6.4.13
  • ad95877 Update root, peer deps, version.ts/json to 6.4.13 [ci skip]
  • 908cda1 6.4.13 changelog
  • ee5c044 Merge pull request #17245 from storybookjs/fix-prettier-2-3-formatting-main
  • c3311c0 Update snapshots
  • a533573 Fix prettier 2.3 formatting on main
  • 59b85c7 Merge pull request #17241 from storybookjs/17008-fix-staticdirs-favicon
  • f2a7256 Merge pull request #17022 from Taillook/chore/react-dev-utils
  • ec142c8 Merge pull request #17239 from storybookjs/16820-fix-prettier-transpilation
  • de25e19 Merge pull request #17206 from storybookjs/angular/fix-angular-13.1
  • 8fe4027 Merge pull request #17240 from storybookjs/15574-fix-namedexportsorder-warning
  • 8346850 Merge pull request #17213 from storybookjs/16067-fix-manager-process
  • 3a0fd74 Merge pull request #17244 from storybookjs/chore_docs_fix_composition_link
  • 7e43adc Merge pull request #17224 from storybookjs/chore_docs_update_addons_install_docs
  • 373ca10 Merge pull request #17221 from storybookjs/chore_docs_fix_addon_knowledge_base
  • 1e1331d Merge pull request #17208 from storybookjs/chore_docs_updates_syntax_highlight_docs
  • 00a6c36 Merge pull request #17203 from storybookjs/chore_fix_repro_docs
  • f0a2216 6.4.12 latest.json version file
  • 180e481 Update git head to 6.4.12, update yarn.lock
  • 9ce1a3b v6.4.12
  • b278a84 Update root, peer deps, version.ts/json to 6.4.12 [ci skip]
  • 7610bf0 6.4.12 changelog
  • 704d82a Update git head to 6.4.11, update yarn.lock
  • dc7fc7b v6.4.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sambego avatar Nov 15 '22 20:11 Sambego