storybook-state [Snyk] Fix for 2 vulnerabilities

[Snyk] Fix for 2 vulnerabilities

Open Sambego opened this issue 1 year ago • 0 comments

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	Yes	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) SNYK-JS-MARKDOWNTOJSX-6258886	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/components

The new version differs by 250 commits.

05070ca v6.5.0
88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
ca93284 6.5.0 changelog
ff28cd9 6.5.0-rc.1 next.json version file
9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
3f09d4e v6.5.0-rc.1
82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
4b50e28 6.5.0-rc.1 changelog
0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
95a5c80 move nextjs detection up
152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
2948cae ArgsTable: Gracefully handle conditional args failures
f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
73cf6ba adds MDX 2 docs and gotchas
64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
fef1a32 Fixes broken links
82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
9583cea remove repeated test
1b396fd 6.5.0-rc.0 next.json version file
6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
c27fd9e v6.5.0-rc.0
b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

Package name: @storybook/react

The new version differs by 250 commits.

4f2afa6 v7.0.0
03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
f0b53cb 7.0.0 changelog
930917d Merge pull request #21856 from storybookjs/docs/interactions-addon-migration
f1c13da 7.0.0-rc.11 next.json version file [skip ci]
512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
908c324 v7.0.0-rc.11
5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
324d9bb 7.0.0-rc.11 changelog
37d9737 interactions debugger is now default
9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
a08ffc7 Put @ storybook/csf version back into next
2cc1d36 Merge pull request #21850 from storybookjs/fix/tone-down-dependency-alerts
941103b Merge pull request #21851 from storybookjs/valentin/export-application-config-decorator
31700c0 Export applicationConfig decorator and adjust documentation for usage
3d9544f Merge pull request #21846 from storybookjs/chore_docs_webpack_tweaks
79b590b Tweaks to the Webpack docs
d193be5 Merge pull request #21836 from storybookjs/fix/downgrade-remark-deps
79b1fde Merge pull request #21832 from storybookjs/fix/polyfill-global
590f053 downgrade remark related dependencies
b421d95 only provide critical duplicated dependency warning on major version difference
acace30 Merge pull request #21724 from jungpaeng/docs/fix-controls

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Oct 19 '24 03:10 Sambego