fbosquet-azpn
commented
6 months ago This pull request can now be cancelled, the storybook exemple was updated.
Closed rohag-equinor closed 5 months ago
fbosquet-azpn
commented
6 months ago This pull request can now be cancelled, the storybook exemple was updated.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - examples/plain-javascript-example/package.json - examples/plain-javascript-example/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000****Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-BROWSERSLIST-1090194](https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194) | Yes | Proof of Concept  | **526/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.1 | Arbitrary Code Injection
[SNYK-JS-EJS-1049328](https://snyk.io/vuln/SNYK-JS-EJS-1049328) | Yes | Proof of Concept  | **726/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
[SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | Yes | Proof of Concept  | **504/1000**
**Why?** Has a fix available, CVSS 5.8 | Prototype Pollution
[SNYK-JS-HIGHLIGHTJS-1045326](https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1045326) | Yes | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-HIGHLIGHTJS-1048676](https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1048676) | Yes | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-IMMER-1019369](https://snyk.io/vuln/SNYK-JS-IMMER-1019369) | Yes | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-IMMER-1540542](https://snyk.io/vuln/SNYK-JS-IMMER-1540542) | Yes | Proof of Concept  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | Yes | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | Yes | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | Yes | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-PRISMJS-1076581](https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581) | Yes | Proof of Concept  | **584/1000**
**Why?** Has a fix available, CVSS 7.4 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-PRISMJS-1314893](https://snyk.io/vuln/SNYK-JS-PRISMJS-1314893) | Yes | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-PRISMJS-1585202](https://snyk.io/vuln/SNYK-JS-PRISMJS-1585202) | Yes | Proof of Concept  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS)
[SNYK-JS-PRISMJS-2404333](https://snyk.io/vuln/SNYK-JS-PRISMJS-2404333) | Yes | No Known Exploit  | **629/1000**
**Why?** Has a fix available, CVSS 8.3 | Cross-site Scripting (XSS)
[SNYK-JS-PRISMJS-597628](https://snyk.io/vuln/SNYK-JS-PRISMJS-597628) | Yes | No Known Exploit  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Command Injection
[SNYK-JS-REACTDEVUTILS-1083268](https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268) | Yes | Proof of Concept  | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
[SNYK-JS-SHELLQUOTE-1766506](https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506) | Yes | No Known Exploit  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UGLIFYJS-1727251](https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @storybook/addon-storysource
The new version differs by 250 commits.- e89e51a v6.1.0
- d004d19 Update root, peer deps, version.ts/json to 6.1.0
- 1d07f01 6.1.0 changelog
- 178e9bd 6.1.0-rc.6 next.json version file
- 971eccd Update git head to 6.1.0-rc.6
- 9009e53 v6.1.0-rc.6
- eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
- 5c0049b 6.1.0-rc.6 changelog
- 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
- 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
- 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
- 428b6e0 6.1.0-rc.5 next.json version file
- a72852d Update git head to 6.1.0-rc.5
- a8822ed v6.1.0-rc.5
- 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
- 06b55c8 update 6.1-rc.5
- 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
- f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
- c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
- cd7766e 6.1.0-rc.5 changelog addition
- 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
- f2123da 6.1.0-rc.5 changelog
- 30c5e98 fix incorrect component reference
- f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames
See the full diffPackage name: @storybook/html
The new version differs by 250 commits.- 829c72e v6.2.0
- f8bfee0 Update root, peer deps, version.ts/json to 6.2.0
- 2814acc CLI: Don't update versions.json on CLI prepare
- 637daa1 Update 6.2 changelog
- c760793 6.2 release
- 5595b1e Merge pull request #14348 from gabiseabra/fix/issue_13771
- a686a99 6.2.0-rc.13 next.json version file
- 6be8b92 Update git head to 6.2.0-rc.13
- c1dfd5b v6.2.0-rc.13
- 4ef7b5a Update root, peer deps, version.ts/json to 6.2.0-rc.13
- d954d50 6.2.0-rc.13 changelog
- 1913c92 Merge pull request #14390 from YozhEzhi/patch-1
- ee98e0e Merge branch 'next' of github.com:storybookjs/storybook into next
- a8aadc4 Update CHANGELOG.md
- 44eca58 Merge pull request #14392 from storybookjs/fix-raw-toggle
- f10ef90 Merge pull request #14391 from YozhEzhi/patch-3
- b1ee5e9 Prevent invalid initial color to be accepted as preset
- 2c6b796 Color picker can't deal with 'transparent' keyword
- 6951762 Don't show RAW toggle when data isn't representable by REJT
- 259b12a Update my-component-story-use-globaltype.js.mdx
- a8a846b Update my-component-story-use-globaltype.mdx.mdx
- 57fc3cd 6.2.0-rc.12 next.json version file
- ba0f535 Fix changelog
- 6ec5750 Update git head to 6.2.0-rc.12
See the full diff