melvin-bot[bot]
commented
1 month ago This is a Snyk issue. Snyk is a tool that automatically tracks our repositories' dependencies and reports associated security vulnerabilities. It also automatically create PRs to fix these vulnerabilities.
C+: Please follow these steps to test the linked PR before running through the reviewer checklist:
- [ ] The first step is to understand the PR: what dependency is it upgrading, for which vulnerability, how it impacts our product & end users.
- [ ] If the issue is not worth fixing, please add your reasoning in the issue and have the internal engineer review it.
- [ ] Check the change log (which should be included in the PR description) to see all changes. We want to identify any breaking changes. If it is a minor version bump, it's unlikely that there are any breaking changes.
- [ ] Test our feature(s) that make use of this package. If it does not work, we should understand what broke it. It is also a good idea to check our main flows to make sure they are not broken that you can add in the checklist screenshots/videos.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
SNYK-JS-MARKDOWNTOJSX-6258886
Commit messages
Package name: @storybook/addon-essentials
The new version differs by 250 commits.- 8b2f2db Bump version from "8.2.0-beta.3" to "8.2.0" [skip ci]
- 0437828 Merge pull request #28497 from storybookjs/version-non-patch-from-8.2.0-beta.3
- 7bcafec Docs: Write 8.2 changelog [skip ci]
- cfd916f Write changelog for 8.2.0 [skip ci]
- 687560f Merge pull request #28496 from storybookjs/docs_fix_links
- 3e765ab Merge branch 'next' into docs_fix_links
- 9f16fe1 Docs: Fix links and assorted fixes
- ef343c7 Bump version from "8.2.0-beta.2" to "8.2.0-beta.3" [skip ci]
- 0c7ea98 Merge pull request #28488 from storybookjs/version-non-patch-from-8.2.0-beta.2
- ce8513c Write changelog for 8.2.0-beta.3 [skip ci]
- d749cf2 Merge pull request #28485 from storybookjs/fix-regex-escaping
- 41053bf Merge pull request #28456 from ROCKTAKEY/fix-switch-case-default-typo-on-document
- 17ce575 Merge branch 'next' into fix-switch-case-default-typo-on-document
- 40b1c89 Merge pull request #28487 from storybookjs/valentin/export-prop-type-definitions
- b3a656b Merge pull request #28486 from storybookjs/docs_frameworks_fix_broken_links
- db53711 vue 3 vite updates
- fd4d89e Templates: Export ButtonProps and HeaderProps interfaces
- 1fb6607 Merge branch 'docs_frameworks_fix_broken_links' of https://github.com/storybookjs/storybook into docs_frameworks_fix_broken_links
- 7fa1dd0 fix the vue 3 vite link
- cfdf8c6 Merge branch 'next' into docs_frameworks_fix_broken_links
- d5b0fb7 Merge pull request #28479 from storybookjs/revert/26884
- e073dff Docs: Fix broken framework links
- 6d3212b Merge pull request #28465 from kevinfoerster/patch-1
- bf0a323 Merge branch 'next' into patch-1
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
š§ View latest project report
š Adjust project settings
š Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
š¦ Cross-site Scripting (XSS)