storybook-state
storybook-state copied to clipboard
Published
20 hours ago •
Sambego
Sambego
[Snyk] Fix for 17 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 |
Yes | Proof of Concept |
 |
504/1000 Why? Has a fix available, CVSS 5.8 |
Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326 |
Yes | No Known Exploit |
|
703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2 |
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
Yes | Proof of Concept |
|
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-INI-1048974 |
Yes | Proof of Concept |
 |
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Validation Bypass SNYK-JS-KINDOF-537849 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
Yes | No Known Exploit |
|
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
Yes | Proof of Concept |
|
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-MINIMIST-559764 |
Yes | Proof of Concept |
|
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
Yes | Proof of Concept |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536528 |
Yes | No Known Exploit |
|
624/1000 Why? Has a fix available, CVSS 8.2 |
Arbitrary File Overwrite SNYK-JS-TAR-1536531 |
Yes | No Known Exploit |
|
410/1000 Why? Has a fix available, CVSS 3.7 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579147 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579152 |
Yes | No Known Exploit |
|
639/1000 Why? Has a fix available, CVSS 8.5 |
Arbitrary File Write SNYK-JS-TAR-1579155 |
Yes | No Known Exploit |
|
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 |
Regular Expression Denial of Service (ReDoS) npm:debug:20170905 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @storybook/components
The new version differs by 250 commits.- e89e51a v6.1.0
- d004d19 Update root, peer deps, version.ts/json to 6.1.0
- 1d07f01 6.1.0 changelog
- 178e9bd 6.1.0-rc.6 next.json version file
- 971eccd Update git head to 6.1.0-rc.6
- 9009e53 v6.1.0-rc.6
- eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
- 5c0049b 6.1.0-rc.6 changelog
- 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
- 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
- 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
- 428b6e0 6.1.0-rc.5 next.json version file
- a72852d Update git head to 6.1.0-rc.5
- a8822ed v6.1.0-rc.5
- 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
- 06b55c8 update 6.1-rc.5
- 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
- f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
- c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
- cd7766e 6.1.0-rc.5 changelog addition
- 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
- f2123da 6.1.0-rc.5 changelog
- 30c5e98 fix incorrect component reference
- f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames
Package name: @storybook/react
The new version differs by 250 commits.- 05070ca v6.5.0
- 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
- ca93284 6.5.0 changelog
- ff28cd9 6.5.0-rc.1 next.json version file
- 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
- 3f09d4e v6.5.0-rc.1
- 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
- 4b50e28 6.5.0-rc.1 changelog
- 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
- 95a5c80 move nextjs detection up
- 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
- 2948cae ArgsTable: Gracefully handle conditional args failures
- f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
- 73cf6ba adds MDX 2 docs and gotchas
- 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
- fef1a32 Fixes broken links
- 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
- ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
- 9583cea remove repeated test
- 1b396fd 6.5.0-rc.0 next.json version file
- 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
- c27fd9e v6.5.0-rc.0
- b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
- 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 Validation Bypass 🦉 More lessons are available in Snyk Learn
