Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expand Storybook version range #95

Merged
merged 3 commits into from
Mar 31, 2023
Merged

Expand Storybook version range #95

merged 3 commits into from
Mar 31, 2023

Conversation

JReinhold
Copy link
Collaborator

@JReinhold JReinhold commented Mar 31, 2023
edited by shilman
Loading

This PR expands the Storybook version range to support the whole 7.0.0 lineup.

📦 Published PR as canary version: 2.0.12--canary.95.9609b34.0

✨ Test out this PR locally via:

npm install @storybook/[email protected]
# or 
yarn add @storybook/[email protected]

Version

Published prerelease version: v3.0.0-next.5

Changelog

💥 Breaking Change

🐛 Bug Fix

Authors: 3

@JReinhold JReinhold self-assigned this Mar 31, 2023
@socket-security
Copy link

socket-security bot commented Mar 31, 2023
edited
Loading

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
[email protected] (upgraded) postinstall package.json via [email protected]
[email protected] (upgraded) postinstall package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name

Package Bin script Source
[email protected] (upgraded) semver
[email protected] (upgraded) jest package.json via @storybook/[email protected], [email protected]
[email protected] (upgraded) jest package.json via @storybook/[email protected], [email protected], [email protected]
⚠️ Shell access

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Package Module Location Source
@auto-it/[email protected] (added) child_process dist/tests/auto-make-changelog.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/tests/auto.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/tests/get-current-branch.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/tests/get-remote.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/tests/release.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/auto.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/release.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/utils/tests/load-plugin.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/utils/tests/verify-auth.test.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/utils/exec-promise.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/utils/get-current-branch.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/utils/load-plugins.js package.json via [email protected]
@auto-it/[email protected] (added) child_process dist/utils/verify-auth.js package.json via [email protected]
@auto-it/[email protected] (upgraded) child_process dist/index.js package.json via [email protected]
@aw-web-design/[email protected] (added) child_process src/detect-linux.js package.json via @storybook/[email protected], [email protected]
@aw-web-design/[email protected] (added) child_process src/detect-windows.js package.json via @storybook/[email protected], [email protected]
@aw-web-design/[email protected] (added) child_process src/detect-windows10.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process lib/index.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected]
[email protected] (upgraded) child_process index.js package.json via @storybook/[email protected], [email protected], [email protected]
[email protected] (upgraded) child_process index.js package.json via @auto-it/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added) child_process dist/envinfo.js package.json via [email protected]
[email protected] (upgraded) child_process install.js package.json via [email protected]
[email protected] (upgraded) child_process lib/main.js package.json via [email protected]
[email protected] (upgraded) child_process install.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (upgraded) child_process lib/main.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (upgraded) child_process index.js package.json via @auto-it/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added) child_process dist/gitlog.cjs.development.js package.json via @auto-it/[email protected], [email protected]
[email protected] (added) child_process dist/gitlog.cjs.production.min.js package.json via @auto-it/[email protected], [email protected]
[email protected] (added) child_process dist/gitlog.esm.js package.json via @auto-it/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/jakefile.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/lib/package_task.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/lib/publish_task.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/lib/utils/index.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/concurrent.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/file_task.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/file.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/helpers.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/jakelib/rule.jake.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/publish_task.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/rule.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/selfdep.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/task_base.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) child_process jake-v10.8.5/test/integration/task_base.js package.json via @storybook/[email protected], [email protected]
[email protected] (upgraded) child_process build/crawlers/node.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected]
[email protected] (upgraded) child_process build/lib/isWatchmanInstalled.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected]
[email protected] (upgraded) child_process build/workers/ChildProcessWorker.js package.json via @storybook/[email protected], [email protected]
[email protected] (upgraded) child_process build/workers/ChildProcessWorker.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected]
[email protected] (upgraded) child_process dist/Runner.js package.json via [email protected]
[email protected] (upgraded) child_process src/Runner.js package.json via [email protected]
[email protected] (added) child_process lib/jsdom/living/xhr/XMLHttpRequest-impl.js package.json via [email protected]
[email protected] (added) child_process lib/resolvers.js package.json via @auto-it/[email protected], [email protected]
[email protected] (added) child_process dist/shared/watch-cli.js package.json via [email protected]
[email protected] (added) child_process src/exec-child.js package.json via [email protected]
[email protected] (added) child_process src/exec.js package.json via [email protected]
[email protected] (added) child_process dist/transformer.cjs package.json
[email protected] (added) child_process dist/transformer.mjs package.json
[email protected] (added) child_process index.js package.json via [email protected]
[email protected] (added) child_process dist/child/spawn-child.js package.json via [email protected]
[email protected] (added) child_process check-npm-version.js package.json via @babel/[email protected], @babel/[email protected], [email protected]
[email protected] (added) child_process index.js package.json via @babel/[email protected], @babel/[email protected], [email protected]
[email protected] (added) child_process dist/node/chunks/dep-67e7f8ab.js package.json
[email protected] (added) child_process dist/node/cli.js package.json
[email protected] (added) child_process dist/node/index.js package.json
[email protected] (added) child_process bin/webpack.js package.json via @storybook/[email protected], [email protected]
⚠️ Uses eval

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Package Eval Type Location Source
@sinclair/[email protected] (upgraded) Function compiler/compiler.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected]
@sinclair/[email protected] (upgraded) Function errors/errors.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected]
@sinclair/[email protected] (upgraded) Function value/cast.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected]
@sinclair/[email protected] (upgraded) Function value/check.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected]
@sinclair/[email protected] (upgraded) Function value/create.js package.json via @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected]
@snyk/[email protected] (added) Function dist/graphlib.js package.json via [email protected]
@snyk/[email protected] (added) Function dist/graphlib.js package.json via [email protected]
@yarnpkg/[email protected] (added) Function index.js package.json via [email protected]
@yarnpkg/[email protected] (added) Function index.js package.json via [email protected]
[email protected] (added) Function dist/ajv.bundle.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], [email protected]
[email protected] (added) Function lib/compile/index.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], [email protected]
[email protected] (added) Function dist/compile/index.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added) Function dist/compile/jtd/parse.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added) Function dist/compile/jtd/serialize.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added) Function internals/function-bind.js package.json via @storybook/[email protected], @storybook/[email protected]
[email protected] (added) Function internals/task.js package.json via @storybook/[email protected], @storybook/[email protected]
[email protected] (added) Function modules/web.timers.js package.json via @storybook/[email protected], @storybook/[email protected]
[email protected] (added) Function ejs-v3.1.8/ejs.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) Function ejs-v3.1.8/ejs.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) Function ejs-v3.1.8/ejs.min.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) Function ejs-v3.1.8/ejs.min.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) Function ejs-v3.1.8/lib/ejs.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) Function ejs-v3.1.8/lib/ejs.js package.json via @storybook/[email protected], [email protected]
[email protected] (added) Function dist/envinfo.js package.json via [email protected]
[email protected] (added) Function dist/envinfo.js package.json via [email protected]
[email protected] (added) Function dist/cjs/handlebars/compiler/javascript-compiler.js package.json via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [@storybook/[email protected]](https://socket.dev/npm/package/@storybook/svelte/o

@JReinhold JReinhold added patch Increment the patch version when merged dependencies Update one or more dependencies version labels Mar 31, 2023
@JReinhold JReinhold added major Increment the major version when merged patch Increment the patch version when merged and removed patch Increment the patch version when merged labels Mar 31, 2023
@JReinhold JReinhold merged commit 60bd726 into next Mar 31, 2023
@JReinhold JReinhold deleted the update-sb-deps branch March 31, 2023 18:39
@JReinhold JReinhold removed the patch Increment the patch version when merged label Mar 31, 2023
@shilman shilman added the prerelease This change is available in a prerelease. label Mar 31, 2023
@shilman
Copy link
Member

shilman commented Apr 3, 2023

🚀 PR was released in v3.0.0 🚀

@shilman shilman added released This issue/pull request has been released. and removed prerelease This change is available in a prerelease. labels Apr 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@JReinhold JReinhold

Labels
dependencies Update one or more dependencies version major Increment the major version when merged released This issue/pull request has been released.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@JReinhold @shilman