storybook-state icon indicating copy to clipboard operation
storybook-state copied to clipboard

Published 20 hours ago verified publisher icon Sambego

[Snyk] Security upgrade @storybook/react from 5.3.14 to 6.5.0

Open Sambego opened this issue 2 years ago • 0 comments
trafficstars

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4		 Prototype Pollution
SNYK-JS-JSON5-3182856		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @storybook/react The new version differs by 250 commits.
  • 05070ca v6.5.0
  • 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
  • ca93284 6.5.0 changelog
  • ff28cd9 6.5.0-rc.1 next.json version file
  • 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
  • 3f09d4e v6.5.0-rc.1
  • 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
  • 4b50e28 6.5.0-rc.1 changelog
  • 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
  • 95a5c80 move nextjs detection up
  • 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
  • 2948cae ArgsTable: Gracefully handle conditional args failures
  • f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
  • 73cf6ba adds MDX 2 docs and gotchas
  • 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
  • fef1a32 Fixes broken links
  • 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
  • ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
  • 9583cea remove repeated test
  • 1b396fd 6.5.0-rc.0 next.json version file
  • 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
  • c27fd9e v6.5.0-rc.0
  • b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
  • 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sambego avatar Dec 25 '22 17:12 Sambego