Closed timwright12 closed 4 months ago
Looked into each of the 5 security alerts mentioned and they are all related to dependencies that Storybook 6.5 uses. We cannot upgrade beyond 6.5 because it is the latest version of Storybook that supports React Native.
Last week there was an alpha release of @storybook/react-native that added compatibility with Storybook 7.6.10. Hopefully this means a stable release is coming soon.
These alerts may be considered low risk since we only use Storybook for our dev environment and do not package our Storybook code with our NPM package. I've listed the offending Storybook packages below:
All dependabot alerts have been cleared aside from ip
which currently has no fix available. Closing out.
Description
As a human(?), I want to clear out dependabot alerts in the repo, so that we can submit it to be turned public.
As part of this story we want to: Clear out all the alerts listed at: https://github.com/department-of-veterans-affairs/va-mobile-library/security/dependabot
Acceptance Criteria
Ticket Checklist