Please upgrade dependencies to fix audit failures #18155
Comments
Up to 22 |
There are security errors in
# npm audit report
got <=11.8.3
Severity: high
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
Depends on vulnerable versions of cacheable-request
fix available via `npm audit fix --force`
Will install @storybook/cli@6.5.16, which is a breaking change
node_modules/got
download-tarball *
Depends on vulnerable versions of got
node_modules/download-tarball
@storybook/cli >=7.0.0-alpha.0
Depends on vulnerable versions of download-tarball
node_modules/@storybook/cli
http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix --force`
Will install @storybook/cli@6.5.16, which is a breaking change
node_modules/http-cache-semantics
cacheable-request 0.1.0 - 2.1.4
Depends on vulnerable versions of http-cache-semantics
node_modules/cacheable-request
5 vulnerabilities (2 moderate, 3 high) |
And according to
It seems to be caused by (edit: which seems to be a new addition in 7.0.0-beta.48: 62e37c0) |
@chartinger thank you for reporting, if you wouldn't mind giving the issue upstream a thumbs-up? If there's any other way you could assist to get this resolved, any help would be appreciated! |
I opened a PR to modernize the dependency: |
As the package code is about 26 lines, I wonder if it would be easier to just have a helper function :) |
Jeepers creepers!! I just released https://github.com/storybookjs/storybook/releases/tag/v7.0.0-beta.58 containing PR #21201 that references this issue. Upgrade today to the
|
Describe the bug
Storybook triggering 13 audit failures in my project
To Reproduce
Just install the latest @storybook.
In particular upgrade @mdx-js/mdx
System
Environment Info:
System:
OS: macOS 12.3.1
CPU: (10) arm64 Apple M1 Max
Binaries:
Node: 14.19.1 - ~/.nvm/versions/node/v14.19.1/bin/node
npm: 6.14.16 - ~/.nvm/versions/node/v14.19.1/bin/npm
Browsers:
Chrome: 101.0.4951.54
Safari: 15.4
npmPackages:
@storybook/addon-actions: ^6.4.22 => 6.4.22
@storybook/addon-essentials: ^6.4.22 => 6.4.22
@storybook/addon-interactions: ^6.4.22 => 6.4.22
@storybook/addon-links: ^6.4.22 => 6.4.22
@storybook/react: ^6.4.22 => 6.4.22
@storybook/testing-library: 0.0.9 => 0.0.9
Additional context
Add any other context about the problem here.