storybook-state
storybook-state copied to clipboard
Published
20 hours ago •
Sambego
Sambego
[Snyk] Fix for 22 vulnerabilities
trafficstars
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
-
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
-
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035 |
Yes | No Known Exploit |
|
526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1 |
Arbitrary Code Injection SNYK-JS-EJS-1049328 |
Yes | Proof of Concept |
|
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 |
Remote Code Execution (RCE) SNYK-JS-EJS-2803307 |
Yes | Proof of Concept |
|
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 |
Yes | Proof of Concept |
|
504/1000 Why? Has a fix available, CVSS 5.8 |
Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676 |
Yes | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-IMMER-1019369 |
Yes | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-IMMER-1540542 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 |
Yes | No Known Exploit |
|
589/1000 Why? Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-LOADERUTILS-3043105 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 |
Yes | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581 |
Yes | Proof of Concept |
|
584/1000 Why? Has a fix available, CVSS 7.4 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893 |
Yes | No Known Exploit |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202 |
Yes | Proof of Concept |
|
484/1000 Why? Has a fix available, CVSS 5.4 |
Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333 |
Yes | No Known Exploit |
|
629/1000 Why? Has a fix available, CVSS 8.3 |
Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628 |
Yes | No Known Exploit |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Command Injection SNYK-JS-REACTDEVUTILS-1083268 |
Yes | Proof of Concept |
|
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
Yes | Proof of Concept |
|
619/1000 Why? Has a fix available, CVSS 8.1 |
Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @storybook/components
The new version differs by 250 commits.- e89e51a v6.1.0
- d004d19 Update root, peer deps, version.ts/json to 6.1.0
- 1d07f01 6.1.0 changelog
- 178e9bd 6.1.0-rc.6 next.json version file
- 971eccd Update git head to 6.1.0-rc.6
- 9009e53 v6.1.0-rc.6
- eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
- 5c0049b 6.1.0-rc.6 changelog
- 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
- 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
- 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
- 428b6e0 6.1.0-rc.5 next.json version file
- a72852d Update git head to 6.1.0-rc.5
- a8822ed v6.1.0-rc.5
- 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
- 06b55c8 update 6.1-rc.5
- 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
- f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
- c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
- cd7766e 6.1.0-rc.5 changelog addition
- 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
- f2123da 6.1.0-rc.5 changelog
- 30c5e98 fix incorrect component reference
- f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames
Package name: @storybook/react
The new version differs by 250 commits.- 05070ca v6.5.0
- 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
- ca93284 6.5.0 changelog
- ff28cd9 6.5.0-rc.1 next.json version file
- 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
- 3f09d4e v6.5.0-rc.1
- 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
- 4b50e28 6.5.0-rc.1 changelog
- 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
- 95a5c80 move nextjs detection up
- 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
- 2948cae ArgsTable: Gracefully handle conditional args failures
- f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
- 73cf6ba adds MDX 2 docs and gotchas
- 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
- fef1a32 Fixes broken links
- 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
- ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
- 9583cea remove repeated test
- 1b396fd 6.5.0-rc.0 next.json version file
- 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
- c27fd9e v6.5.0-rc.0
- b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
- 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]
With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
|
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 |
Prototype Pollution SNYK-JS-LODASH-567746 |
Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Arbitrary Code Injection 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn
