search

Expensify / App

Welcome to New Expensify: a complete re-imagination of financial collaboration, centered around chat. Help us build the next generation of Expensify by sharing feedback and contributing to the code.
https://new.expensify.com
MIT License
3.48k stars 2.83k forks source link

[Snyk] Security upgrade @storybook/addon-essentials from 8.1.10 to 8.2.0 #50718

Open melvin-bot[bot] opened 2 days ago

melvin-bot[bot] commented 2 days ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Cross-site Scripting (XSS)
SNYK-JS-MARKDOWNTOJSX-6258886		 No Proof of Concept
Commit messages
Package name: @storybook/addon-essentials The new version differs by 250 commits.
  • 8b2f2db Bump version from "8.2.0-beta.3" to "8.2.0" [skip ci]
  • 0437828 Merge pull request #28497 from storybookjs/version-non-patch-from-8.2.0-beta.3
  • 7bcafec Docs: Write 8.2 changelog [skip ci]
  • cfd916f Write changelog for 8.2.0 [skip ci]
  • 687560f Merge pull request #28496 from storybookjs/docs_fix_links
  • 3e765ab Merge branch 'next' into docs_fix_links
  • 9f16fe1 Docs: Fix links and assorted fixes
  • ef343c7 Bump version from "8.2.0-beta.2" to "8.2.0-beta.3" [skip ci]
  • 0c7ea98 Merge pull request #28488 from storybookjs/version-non-patch-from-8.2.0-beta.2
  • ce8513c Write changelog for 8.2.0-beta.3 [skip ci]
  • d749cf2 Merge pull request #28485 from storybookjs/fix-regex-escaping
  • 41053bf Merge pull request #28456 from ROCKTAKEY/fix-switch-case-default-typo-on-document
  • 17ce575 Merge branch 'next' into fix-switch-case-default-typo-on-document
  • 40b1c89 Merge pull request #28487 from storybookjs/valentin/export-prop-type-definitions
  • b3a656b Merge pull request #28486 from storybookjs/docs_frameworks_fix_broken_links
  • db53711 vue 3 vite updates
  • fd4d89e Templates: Export ButtonProps and HeaderProps interfaces
  • 1fb6607 Merge branch 'docs_frameworks_fix_broken_links' of https://github.com/storybookjs/storybook into docs_frameworks_fix_broken_links
  • 7fa1dd0 fix the vue 3 vite link
  • cfdf8c6 Merge branch 'next' into docs_frameworks_fix_broken_links
  • d5b0fb7 Merge pull request #28479 from storybookjs/revert/26884
  • e073dff Docs: Fix broken framework links
  • 6d3212b Merge pull request #28465 from kevinfoerster/patch-1
  • bf0a323 Merge branch 'next' into patch-1
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: šŸ§ View latest project report

šŸ›  Adjust project settings

šŸ“š Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

šŸ¦‰ Cross-site Scripting (XSS)

melvin-bot[bot] commented 2 days ago

This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.

    C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
    - [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
    - [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
    - [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
    - [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.