[Bug] CVE-2023-26115

[emilorol]

What version of vite are you using?

4.3.9

System info and storybook versions

System: OS: macOS 13.4.1 CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz Binaries: Node: 20.2.0 - /usr/local/bin/node Yarn: 1.22.19 - /usr/local/bin/yarn npm: 9.6.6 - /usr/local/bin/npm Browsers: Chrome: 114.0.5735.198 Safari: 16.5.1 npmPackages: @storybook/addon-essentials: ^7.0.24 => 7.0.24 @storybook/core-common: ^7.0.24 => 7.0.24 @storybook/core-server: ^7.0.24 => 7.0.24 @storybook/react-vite: ^7.0.24 => 7.0.24

Describe the Bug

CVE-2023-26115

$ yarn audit

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ word-wrap vulnerable to Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ word-wrap                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @storybook/react-vite                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ @storybook/react-vite > @storybook/react > escodegen >       │
│               │ optionator > word-wrap                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1092330                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

Temp Solution before a fix for yarn in your package.json:

  "resolutions": {
    "**/optionator": "^0.9.3"
  }

Link to Minimal Reproducible Example

No response

Participation

• [ ] I am willing to submit a pull request for this issue.