New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@storybook/addon-storyshots: NPM Audit warning - braces >= 2.3.1 #6110
Comments
Hi everyone! Seems like there hasn't been much going on in this issue lately. If there are still questions, comments, or bugs, please feel free to continue the discussion. Unfortunately, we don't have time to get to every issue. We are always open to contributions so please send us a pull request if you would like to help. Inactive issues will be closed after 30 days. Thanks! |
Still relevant. There are also another 8 issues flagged by |
Hi everyone! Seems like there hasn't been much going on in this issue lately. If there are still questions, comments, or bugs, please feel free to continue the discussion. Unfortunately, we don't have time to get to every issue. We are always open to contributions so please send us a pull request if you would like to help. Inactive issues will be closed after 30 days. Thanks! |
I agree, still relevant, I too have this vulnerability. in addition to #6622 |
Hi everyone! Seems like there hasn't been much going on in this issue lately. If there are still questions, comments, or bugs, please feel free to continue the discussion. Unfortunately, we don't have time to get to every issue. We are always open to contributions so please send us a pull request if you would like to help. Inactive issues will be closed after 30 days. Thanks! |
This issue is still relevant. I tried to help by fixing it on a PR, but I couldn't setup the project to run all the tests. If you can point me to the right documentation for setting up my environment to work on this project, I can make a PR. |
@arturopie There's a development guide in https://github.com/storybooks/storybook/blob/next/CONTRIBUTING.md#reproductions |
Yes, I did and got 6 failed test and 3 failed snapshots after running the core tests. |
@arturopie Failed tests in the |
Yes |
Upgrading to |
When running NPM / yarn audit throws Regular Expression Denial of Service.
In yarn this is a bit worse because it fails with process code 1 and thus CI.
The following path of dependencies depicts the root origin of the error:
Most libraries have gotten rid of this vulnerability from braces.
Steps to reproduce
Install latest
@storybook/framework
and@storybook/addon-storyshots
and run NPM audit.Please specify which version of Storybook and optionally any affected addons that you're running
Affected platforms
I'm on macOS but I don't see why it would be different in another OS.
The text was updated successfully, but these errors were encountered: