storybook
Vulnerability - High - Uncontrolled Resource Consumption in trim-newlines
Describe the bug
While I am installing the @storybook/react package on my system, it throws a couple of security vulnerability warnings. Some of them are below.
High Regular expression denial of service in glob-parent
Package glob-parent
Dependency of @storybook/react [dev]
Path @storybook/react > webpack > watchpack > watchpack-chokidar2
> chokidar > glob-parent
More info https://github.com/advisories/GHSA-ww39-953v-wcq6
High Regular expression denial of service in glob-parent
Package glob-parent
Patched in >=5.1.2
Dependency of @storybook/addon-essentials [dev]
Path @storybook/addon-essentials > @storybook/core-common >
webpack > watchpack > watchpack-chokidar2 > chokidar >
glob-parent
More info https://github.com/advisories/GHSA-ww39-953v-wcq6
High Regular expression denial of service in glob-parent
Package glob-parent
Patched in >=5.1.2
Dependency of @storybook/addon-essentials [dev]
Path @storybook/addon-essentials > @storybook/addon-controls >
@storybook/core-common > webpack > watchpack >
watchpack-chokidar2 > chokidar > glob-parent
More info https://github.com/advisories/GHSA-ww39-953v-wcq6
High Regular expression denial of service in glob-parent
Package glob-parent
Patched in >=5.1.2
Dependency of @storybook/addon-essentials [dev]
Path @storybook/addon-essentials > @storybook/addon-controls >
@storybook/core-common > webpack > watchpack >
watchpack-chokidar2 > chokidar > glob-parent
More info https://github.com/advisories/GHSA-ww39-953v-wcq6
High Regular expression denial of service in glob-parent
Package glob-parent
Patched in >=5.1.2
Dependency of @storybook/react [dev]
Path @storybook/react > @storybook/core > @storybook/core-server
> @storybook/core-common > webpack > watchpack >
watchpack-chokidar2 > chokidar > glob-parent
More info https://github.com/advisories/GHSA-ww39-953v-wcq6
High Regular expression denial of service in glob-parent
Package glob-parent
Patched in >=5.1.2
Dependency of @storybook/react [dev]
Path @storybook/react > @storybook/core > @storybook/core-server
> @storybook/telemetry > @storybook/core-common > webpack >
watchpack > watchpack-chokidar2 > chokidar > glob-parent
More info https://github.com/advisories/GHSA-ww39-953v-wcq6
To Reproduce
You just need to do npm install. Nothing else.
System
Usage: index <command> [options]
Options:
--disable-telemetry disable sending telemetry data
--enable-crash-reports enable sending crash reports to telemetry data
-V, --version output the version number
-h, --help display help for command
Commands:
init [options] Initialize Storybook into your project.
add [options] <addon> Add an addon to your Storybook
babelrc generate the default storybook babel config into your current
working directory
upgrade [options] Upgrade your Storybook packages to the latest
info Prints debugging information about the local environment
migrate [options] [migration] Run a Storybook codemod migration on your source files
extract [location] [output] extract stories.json from a built version
repro [options] [outputDirectory] Create a reproduction from a set of possible templates
link [options] <repo-url-or-directory> Pull down a repro from a URL (or a local directory), link it,
and run storybook
automigrate [options] [fixId] Check storybook for known problems or migrations and apply
fixes
help [command] display help for command
Additional context
Add any other context about the problem here.
Even after updating to the latest version, I'm getting the same issue but with Angular.
The title of the issue does not really reflect the content. The problems with trim, glob-parent and trim-newlines were all reported in other issues before. They should be fixed in the latest v7-alpha versions.
Closing this as fixed in SB7
npx sb@next upgrade --prerelease