storybook-state icon indicating copy to clipboard operation
storybook-state copied to clipboard

Published 20 hours ago verified publisher icon Sambego

[Snyk] Security upgrade @storybook/react from 5.3.14 to 7.0.0

Open Sambego opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @storybook/react The new version differs by 250 commits.
  • 4f2afa6 v7.0.0
  • 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
  • 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • f0b53cb 7.0.0 changelog
  • 930917d Merge pull request #21856 from storybookjs/docs/interactions-addon-migration
  • f1c13da 7.0.0-rc.11 next.json version file [skip ci]
  • 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
  • 908c324 v7.0.0-rc.11
  • 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
  • 324d9bb 7.0.0-rc.11 changelog
  • 37d9737 interactions debugger is now default
  • 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
  • a08ffc7 Put @ storybook/csf version back into next
  • 2cc1d36 Merge pull request #21850 from storybookjs/fix/tone-down-dependency-alerts
  • 941103b Merge pull request #21851 from storybookjs/valentin/export-application-config-decorator
  • 31700c0 Export applicationConfig decorator and adjust documentation for usage
  • 3d9544f Merge pull request #21846 from storybookjs/chore_docs_webpack_tweaks
  • 79b590b Tweaks to the Webpack docs
  • d193be5 Merge pull request #21836 from storybookjs/fix/downgrade-remark-deps
  • 79b1fde Merge pull request #21832 from storybookjs/fix/polyfill-global
  • 590f053 downgrade remark related dependencies
  • b421d95 only provide critical duplicated dependency warning on major version difference
  • acace30 Merge pull request #21724 from jungpaeng/docs/fix-controls

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Sambego avatar May 20 '24 21:05 Sambego