-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
browserslist Security Vulnerability #15173
Labels
Comments
leotm
added a commit
to leotm/react-native-template-new-architecture
that referenced
this issue
Feb 3, 2022
Prompted by Dependabot false positive Security vulnerabilities of dev build tools RN Storybook v5.3 - Remove old /storybook config - Keep old /stories for now RN Storybook v6 - Setup in .storybook for now - Add minimal config w/o stories for now Jest setup mocks - Remove stale RN mocks - Add new RN Storybook mocks - Doc @storybook/addon-ondevice-notes/register parsing issue - Doc @storybook/addon-actions ES forEach proto parsing issue Metro - Config resolver for modern storybook build, vs polyfilled versions - Keep inlineRequires optimisation on, disable later if blocking App - Update gitignore with Storybook - Update app Storybook require to import with new path - Add react-native-slider and RNDateTimePicker pods - Add get-stories script to codegen storybook.requires.js - Update RNCAsyncStorage pod - Remove deprecated @react-native-community/async-storage later and update Reactotron config Relevant Dependabot Security alerts - Upgrading Storybook should clear some, resolve remaining after - browserslist: storybookjs/storybook#15173 - glob-parent : storybookjs/storybook#15174 - Vulnerabilities: storybookjs/storybook#16063 - immer: storybookjs/storybook#16093 - immer: storybookjs/storybook#16556 storybookjs/react-native#240 - Old v5.3 warnings no longer present, in this v6 no-stories but with addons upgrade so far
leotm
added a commit
to leotm/react-native-template-new-architecture
that referenced
this issue
Feb 3, 2022
Prompted by Dependabot false positive Security vulnerabilities of dev build tools RN Storybook v5.3 - Remove old /storybook config - Keep old /stories for now RN Storybook v6 - Setup in .storybook for now - Add minimal config w/o stories for now Jest setup mocks - Remove stale RN mocks - Add new RN Storybook mocks - Doc @storybook/addon-ondevice-notes/register parsing issue - Doc @storybook/addon-actions ES forEach proto parsing issue Metro - Config resolver for modern storybook build, vs polyfilled versions - Keep inlineRequires optimisation on, disable later if blocking App - Update gitignore with Storybook - Update app Storybook require to import with new path - Add react-native-slider and RNDateTimePicker pods - Add get-stories script to codegen storybook.requires.js - Update RNCAsyncStorage pod - Remove deprecated @react-native-community/async-storage later and update Reactotron config Relevant Dependabot Security alerts - Upgrading Storybook should clear some, resolve remaining after - browserslist: storybookjs/storybook#15173 - glob-parent : storybookjs/storybook#15174 - Vulnerabilities: storybookjs/storybook#16063 - immer: storybookjs/storybook#16093 - immer: storybookjs/storybook#16556 storybookjs/react-native#240 - Old v5.3 warnings no longer present, in this v6 no-stories but with addons upgrade so far After figured @storybook/addon-ondevice-notes/register Jest parsing issue - Add generated storybook.requires.js to gitignore - Add prestart script to get-stories first Consider splitting/decoupling App/Storybook Jest parsing - env var with dynamic import - npm workspaces / lerna - multiple modules
We’re cleaning house! Storybook has changed a lot since this issue was created and we don’t know if it’s still valid. Please open a new issue referencing this one if:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
NPM Advisory 1747
I know this isn't really a bug, but Storybook has several dependencies on
react-dev-utils
, which is using a vulnerable version ofbrowserlist
. I've opened an issue in create-react-app, and once it is addressed, you'll want to upgrade.@storybook/addon-essentials > @storybook/addon-docs > @storybook/builder-webpack4 > react-dev-utils > browserslist
@storybook/addon-essentials > @storybook/addon-docs > @storybook/core > @storybook/core-server > @storybook/builder-webpack4 > react-dev-utils > browserslist
@storybook/react > @storybook/core > @storybook/core-server > @storybook/builder-webpack4 > react-dev-utils > browserslist
@storybook/react > react-dev-utils > browserslist
To Reproduce
Run
npm audit
System
Additional context
The text was updated successfully, but these errors were encountered: