Closed milindmore22 closed 4 months ago
`npm run fix --force` is unable to fix it.

storybook-test npm audit report

```
# npm audit report

ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install storybook@6.5.16, which is a breaking change
node_modules/ip
@storybook/core-server *
Depends on vulnerable versions of ip
node_modules/@storybook/core-server
@storybook/cli <=0.0.0-pr-27522-sha-b32386a1 || >=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/cli
storybook <=0.0.0-pr-27522-sha-b32386a1 || >=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/cli
node_modules/storybook

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
npm audit fix --force
```
It appears that this needs to be fixed in storybook. Related: https://github.com/storybookjs/storybook/issues/26014

As storybook is currently not a hard dependency for PSAT, I am going to temporarily remove the storybook package dependencies from package.json until it is fixed in the upcoming storybook version, or we have a solution for it.
Checked. Looks good.
Describe the bug

I recently ran npm audit and discovered 4 high severity vulnerabilities in my project's dependencies. This is a critical security issue that needs to be addressed immediately.

To Reproduce

Steps to reproduce the behavior:

git checkout main
npm audit

Expected behavior

There should not be any high-risk vulnerabilities.
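The chain in the audit report quoted in this thread (ip up to storybook) can be recovered from the `npm audit --json` output to find which direct dependency to act on and whether npm's proposed fix is a breaking change. This is an added example, not code from the issue or from PSAT; `traceChains`, `triage` and the sample report are constructed for illustration, and the `isDirect` values in the sample are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2),
// mirroring the report in this thread; the advisory object is trimmed to two fields.
const sampleFix = { name: "storybook", version: "6.5.16", isSemVerMajor: true };
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    ip: { name: "ip", severity: "high", isDirect: false, effects: ["@storybook/core-server"],
      via: [{ title: "ip SSRF improper categorization in isPublic",
              url: "https://github.com/advisories/GHSA-2p57-rm9w-gvfp" }], fixAvailable: sampleFix },
    "@storybook/core-server": { name: "@storybook/core-server", severity: "high",
      isDirect: false, via: ["ip"], effects: ["@storybook/cli"], fixAvailable: sampleFix },
    "@storybook/cli": { name: "@storybook/cli", severity: "high",
      isDirect: false, via: ["@storybook/core-server"], effects: ["storybook"], fixAvailable: sampleFix },
    storybook: { name: "storybook", severity: "high",
      isDirect: true, via: ["@storybook/cli"], effects: [], fixAvailable: sampleFix },
  },
};
const isAdvisory = (x) => typeof x === "object" && x !== null; // `via` mixes names and advisories

// Follow `effects` edges from every package that carries its own advisory up to direct dependencies.
function traceChains(report) {
  const vulns = report.vulnerabilities || {};
  const chains = [];
  const walk = (name, path) => {
    const node = vulns[name];
    if (!node || path.includes(name)) return; // unknown package or cycle
    const next = [...path, name];
    if (node.isDirect) chains.push(next);
    for (const parent of node.effects || []) walk(parent, next);
  };
  Object.values(vulns).filter((v) => (v.via || []).some(isAdvisory)).forEach((v) => walk(v.name, []));
  return chains;
}

// One triage row per chain: root advisory URLs, the direct dependency, and the proposed fix.
function triage(report) {
  return traceChains(report).map((chain) => {
    const root = report.vulnerabilities[chain[0]];
    const top = report.vulnerabilities[chain[chain.length - 1]];
    const fix = isAdvisory(top.fixAvailable) ? top.fixAvailable : null; // may also be true/false
    return {
      chain: chain.join(" -> "),
      advisories: root.via.filter(isAdvisory).map((a) => a.url),
      directDependency: top.name,
      breakingFix: fix !== null && fix.isSemVerMajor === true,
      fixTarget: fix ? `${fix.name}@${fix.version}` : null,
    };
  });
}
```

To use it on a real project, pass `triage` the parsed output of `npm audit --json` in place of `sampleReport`.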