Skip to content
This repository has been archived by the owner on May 16, 2024. It is now read-only.

Prebundle @storybook/instrumenter package #27

Merged
merged 7 commits into from
Apr 28, 2023
Merged

Prebundle @storybook/instrumenter package #27

merged 7 commits into from
Apr 28, 2023

Conversation

ndelangen
Copy link
Member

@ndelangen ndelangen commented Apr 25, 2023
edited by yannbf

Change Type

Indicate the type of change your pull request is:

  • maintenance
  • documentation
  • patch
  • minor
  • major

Release notes

This change bundles the @storybook/instrumenter package which fixes dependency conflicts in certain scenarios. It shouldn't impact the functionality of the package itself, but let us know if you experience any issues!

📦 Published PR as canary version: 0.1.1--canary.27.32edae4.0

✨ Test out this PR locally via:

npm install @storybook/jest@0.1.1--canary.27.32edae4.0
# or 
yarn add @storybook/jest@0.1.1--canary.27.32edae4.0

@ndelangen ndelangen self-assigned this Apr 25, 2023
@ndelangen ndelangen requested a review from yannbf April 25, 2023 14:43
@ndelangen ndelangen changed the title change to use tsup prebundle instrumenter Apr 25, 2023
Base automatically changed from norbert/tsup to future April 26, 2023 11:53
@yannbf yannbf changed the title prebundle instrumenter Prebundle @storybook/instrumenter package Apr 26, 2023
yannbf
yannbf suggested changes Apr 26, 2023
View reviewed changes
Copy link
Member

@yannbf yannbf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @ndelangen thanks for the PR! I'm testing the canary and it turns out that there are issues from bundled code that refers to process in Vite projects (which are only happening in the canary version):
image

Can you take a look into that? It's rather simple to reproduce, you just need to use @storybook/jest in any story and visit it.

@ndelangen
Copy link
Member Author

Thank you for checking @yannbf I'll see if I can find a solution for that.

@socket-security
Copy link

socket-security bot commented Apr 28, 2023
edited

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore is-generator-function@1.0.10
⚠️ Uses eval

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Package Eval Type Location Source
is-generator-function@1.0.10 (added) Function index.js package.json via util@0.12.5
Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Shell access ✅ 0 issues
Uses eval ⚠️ 1 issue
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
New author ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
util@0.12.5 environment +1 goto-bus-stop

@yannbf yannbf added the minor Increment the minor version when merged label Apr 28, 2023
@yannbf yannbf merged commit b30f6b8 into future Apr 28, 2023
2 of 3 checks passed
@yannbf yannbf deleted the norbert/bundle-interactions branch April 28, 2023 08:49
@github-actions github-actions bot added the prerelease This change is available in a prerelease. label Jun 19, 2023
This was referenced Jun 19, 2023
Merged
Merged
@github-actions github-actions bot mentioned this pull request Aug 17, 2023
Merged
5 tasks
@yannbf yannbf mentioned this pull request Aug 17, 2023
Merged
5 tasks
@github-actions
Copy link

🚀 PR was released in v0.2.0 🚀

@github-actions github-actions bot added released This issue/pull request has been released. and removed prerelease This change is available in a prerelease. labels Aug 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@yannbf yannbf yannbf requested changes

Assignees

@ndelangen ndelangen

Labels
minor Increment the minor version when merged released This issue/pull request has been released.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ndelangen @yannbf