I have a project with the very latest of Storybook but I have high vulnerabilities with glob-parent, trim and trim-newlines.
Here is the npm audit report:
# npm audit report
glob-parent <5.1.2
Severity: high
Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix --force`
Will install @storybook/addon-essentials@5.3.21, which is a breaking change
node_modules/cpy/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/webpack/node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy >=7.0.0
Depends on vulnerable versions of globby
node_modules/cpy
@storybook/core-server *
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of cpy
node_modules/@storybook/core-server
@storybook/core >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
@storybook/addon-docs *
Depends on vulnerable versions of @mdx-js/mdx
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/react
node_modules/@storybook/addon-docs
@storybook/addon-essentials <=5.3.0-rc.14 || >=6.0.0-alpha.0
Depends on vulnerable versions of @storybook/addon-docs
node_modules/@storybook/addon-essentials
@storybook/react >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core
node_modules/@storybook/react
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install @storybook/addon-essentials@5.3.21, which is a breaking change
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
@mdx-js/mdx <=2.0.0-next.8
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@mdx-js/loader 0.15.5 - 1.6.22
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@mdx-js/loader
@storybook/addon-docs *
Depends on vulnerable versions of @mdx-js/mdx
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/react
node_modules/@storybook/addon-docs
@storybook/addon-essentials <=5.3.0-rc.14 || >=6.0.0-alpha.0
Depends on vulnerable versions of @storybook/addon-docs
node_modules/@storybook/addon-essentials
@storybook/csf-tools *
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/csf-tools
@storybook/core-server *
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of cpy
node_modules/@storybook/core-server
@storybook/core >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/core
@storybook/react >=6.2.0-alpha.0
Depends on vulnerable versions of @storybook/core
node_modules/@storybook/react
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
trim-newlines <3.0.1
Severity: high
Regular Expression Denial of Service in trim-newlines - https://github.com/advisories/GHSA-7p7h-4mm5-852v
fix available via `npm audit fix`
node_modules/trim-newlines
meow 3.4.0 - 5.0.0
Depends on vulnerable versions of trim-newlines
node_modules/meow
Hi @shilman, this is not entirely a dupe of #14603, because of the trim-newlines library.
@storybook/core-server > x-default-browser > default-browser-id > meow > trim-newlines
The results of npx sb@next info: