storybookjs / design-system

🗃 Storybook Design System
https://master--5ccbc373887ca40020446347.chromatic.com/

Upgrade Storybook and Emotion dependencies #417

Closed ghengeveld closed 1 year ago

ghengeveld commented 1 year ago
📦 Published PR as canary version: 7.15.9-canary.417.0af64e9.0
:sparkles: Test out this PR locally via:

```bash
npm install @storybook/design-system@7.15.9-canary.417.0af64e9.0
# or
yarn add @storybook/design-system@7.15.9-canary.417.0af64e9.0
```

socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with `@SocketSecurity ignore` followed by a space-separated list of package-name@version specifiers, e.g. `@SocketSecurity ignore foo@1.0.0 bar@*`, or ignore all packages with `@SocketSecurity ignore-all`.

  • @SocketSecurity ignore @storybook/cli@7.0.2
  • @SocketSecurity ignore storybook@7.0.2
  • @SocketSecurity ignore @storybook/telemetry@7.0.2
  • @SocketSecurity ignore address@1.2.2
  • @SocketSecurity ignore babel-plugin-istanbul@6.1.1
  • @SocketSecurity ignore better-opn@2.1.1
  • @SocketSecurity ignore chromatic@5.9.2
  • @SocketSecurity ignore commander@2.20.3
  • @SocketSecurity ignore commander@7.2.0
  • @SocketSecurity ignore cross-spawn@7.0.3
  • @SocketSecurity ignore envinfo@7.8.1
  • @SocketSecurity ignore esbuild@0.17.12
  • @SocketSecurity ignore execa@4.1.0
  • @SocketSecurity ignore execa@5.1.1
  • @SocketSecurity ignore gitlog@4.0.4
  • @SocketSecurity ignore jake@10.8.5
  • @SocketSecurity ignore jest-haste-map@29.5.0
  • @SocketSecurity ignore jest-worker@27.5.1
  • @SocketSecurity ignore jest-worker@29.5.0
  • @SocketSecurity ignore jscodeshift@0.14.0
  • @SocketSecurity ignore open@7.4.2
  • @SocketSecurity ignore open@8.4.2
  • @SocketSecurity ignore puppeteer-core@2.1.1
  • @SocketSecurity ignore shelljs@0.8.5
  • @SocketSecurity ignore tree-kill@1.2.2
  • @SocketSecurity ignore typescript@4.9.5
  • @SocketSecurity ignore update-browserslist-db@1.0.10
  • @SocketSecurity ignore v8flags@3.2.0
  • @SocketSecurity ignore @storybook/components@7.0.2
  • @SocketSecurity ignore @storybook/docs-mdx@0.1.0
  • @SocketSecurity ignore @storybook/manager@7.0.2
  • @SocketSecurity ignore @storybook/preview@7.0.2
  • @SocketSecurity ignore @storybook/router@7.0.2
  • @SocketSecurity ignore @yarnpkg/lockfile@1.1.0
  • @SocketSecurity ignore ajv@6.12.6
  • @SocketSecurity ignore ajv@8.11.0
  • @SocketSecurity ignore ajv@8.12.0
  • @SocketSecurity ignore core-js@3.17.3
  • @SocketSecurity ignore core-js-pure@3.29.0
  • @SocketSecurity ignore depd@2.0.0
  • @SocketSecurity ignore ejs@3.1.8
  • @SocketSecurity ignore handlebars@4.7.7
  • @SocketSecurity ignore is-callable@1.2.4
  • @SocketSecurity ignore is-generator-function@1.0.10
  • @SocketSecurity ignore js-yaml@3.14.1
  • @SocketSecurity ignore lodash@4.17.21
  • @SocketSecurity ignore object-inspect@1.12.2
  • @SocketSecurity ignore prettier@2.4.0
  • @SocketSecurity ignore prettier@2.8.4
  • @SocketSecurity ignore react-popper@1.3.11

😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack.

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name.

Package Bin script Source
@storybook/cli@7.0.2 (added) sb package.json via storybook@7.0.2
storybook@7.0.2 (added) sb package.json

⚠️ Shell access

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell, which can reduce portability and make it easier for malicious shell access to be introduced.

Package Module Location Source
@storybook/cli@7.0.2 (added) child_process dist/generate.js package.json via storybook@7.0.2
@storybook/telemetry@7.0.2 (added) child_process dist/index.js package.json via storybook@7.0.2
@storybook/telemetry@7.0.2 (added) child_process dist/index.mjs package.json via storybook@7.0.2
address@1.2.2 (added) child_process lib/address.js package.json via storybook@7.0.2
babel-plugin-istanbul@6.1.1 (added) child_process lib/index.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2
better-opn@2.1.1 (added) child_process dist/index.js package.json via storybook@7.0.2
chromatic@5.9.2 (added) child_process bin/git/git.test.js package.json
chromatic@5.9.2 (added) child_process bin/lib/logSerializers.test.js package.json
commander@2.20.3 (added) child_process index.js package.json via @storybook/react-webpack5@7.0.2, babel-loader@8.2.2
commander@7.2.0 (added) child_process index.js package.json via @svgr/cli@6.1.1
cross-spawn@7.0.3 (added) child_process index.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2, @storybook/react-webpack5@7.0.2, auto@9.61.0, babel-eslint@10.1.0, chromatic@5.9.2, cross-env@7.0.3, dotenv-cli@3.2.0, eslint@7.32.0, eslint-plugin-storybook@0.6.11, lint-staged@10.5.4, storybook@7.0.2
envinfo@7.8.1 (added) child_process dist/envinfo.js package.json via storybook@7.0.2
esbuild@0.17.12 (added) child_process install.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/react@7.0.2, @storybook/react-webpack5@7.0.2, storybook@7.0.2
esbuild@0.17.12 (added) child_process lib/main.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/react@7.0.2, @storybook/react-webpack5@7.0.2, storybook@7.0.2
execa@4.1.0 (added) child_process index.js package.json via auto@9.61.0, chromatic@5.9.2, lint-staged@10.5.4
execa@5.1.1 (added) child_process index.js package.json via chromatic@5.9.2, storybook@7.0.2
gitlog@4.0.4 (added) child_process dist/gitlog.cjs.development.js package.json via auto@9.61.0
gitlog@4.0.4 (added) child_process dist/gitlog.cjs.production.min.js package.json via auto@9.61.0
gitlog@4.0.4 (added) child_process dist/gitlog.esm.js package.json via auto@9.61.0
jake@10.8.5 (added) child_process jake-v10.8.5/jakefile.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/lib/package_task.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/lib/publish_task.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/lib/utils/index.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/concurrent.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/file_task.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/file.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/helpers.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/jakelib/rule.jake.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/publish_task.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/rule.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/selfdep.js package.json via storybook@7.0.2
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/task_base.js package.json via storybook@7.0.2
jest-haste-map@29.5.0 (added) child_process build/crawlers/node.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2
jest-haste-map@29.5.0 (added) child_process build/lib/isWatchmanInstalled.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2
jest-worker@27.5.1 (added) child_process build/workers/ChildProcessWorker.js package.json via @storybook/react-webpack5@7.0.2, babel-loader@8.2.2
jest-worker@29.5.0 (added) child_process build/workers/ChildProcessWorker.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2
jscodeshift@0.14.0 (added) child_process dist/Runner.js package.json via storybook@7.0.2
jscodeshift@0.14.0 (added) child_process src/Runner.js package.json via storybook@7.0.2
open@7.4.2 (added) child_process index.js package.json via patch-package@6.4.7, storybook@7.0.2
open@8.4.2 (added) child_process index.js package.json via storybook@7.0.2
puppeteer-core@2.1.1 (added) child_process lib/Launcher.js package.json via storybook@7.0.2
shelljs@0.8.5 (added) child_process src/exec-child.js package.json via storybook@7.0.2
shelljs@0.8.5 (added) child_process src/exec.js package.json via storybook@7.0.2
tree-kill@1.2.2 (added) child_process index.js package.json via chromatic@5.9.2
typescript@4.9.5 (added) child_process lib/tsserver.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2, @storybook/react-webpack5@7.0.2, eslint-plugin-storybook@0.6.11, ts-loader@7.0.5
typescript@4.9.5 (added) child_process lib/typingsInstaller.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2, @storybook/react-webpack5@7.0.2, eslint-plugin-storybook@0.6.11, ts-loader@7.0.5
update-browserslist-db@1.0.10 (added) child_process check-npm-version.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, storybook@7.0.2
update-browserslist-db@1.0.10 (added) child_process index.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, storybook@7.0.2
v8flags@3.2.0 (added) child_process index.js package.json via @babel/node@7.15.4

⚠️ Uses eval

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Package Eval Type Location Source
@storybook/components@7.0.2 (upgraded) Function dist/formatter-UT3ZCDIS.mjs package.json via @storybook/addon-a11y@7.0.2, @storybook/addon-actions@7.0.2, @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/addon-storysource@7.0.2, @storybook/react-webpack5@7.0.2
@storybook/docs-mdx@0.1.0 (added) Function dist/index.mjs package.json via storybook@7.0.2
@storybook/manager@7.0.2 (added) Function dist/chunk-Q4UME242.mjs package.json via storybook@7.0.2
@storybook/manager@7.0.2 (added) Function dist/formatter-UT3ZCDIS-52LVTYWQ.mjs package.json via storybook@7.0.2
@storybook/preview@7.0.2 (added) Function dist/runtime.js package.json via @storybook/react-webpack5@7.0.2
@storybook/preview@7.0.2 (added) Function dist/runtime.mjs package.json via @storybook/react-webpack5@7.0.2
@storybook/router@7.0.2 (upgraded) Function dist/chunk-NQZQ3SVL.mjs package.json via @storybook/addon-a11y@7.0.2, @storybook/addon-actions@7.0.2, @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/addon-storysource@7.0.2, @storybook/react-webpack5@7.0.2
@storybook/router@7.0.2 (upgraded) Function dist/index.js package.json via @storybook/addon-a11y@7.0.2, @storybook/addon-actions@7.0.2, @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/addon-storysource@7.0.2, @storybook/react-webpack5@7.0.2
@storybook/router@7.0.2 (upgraded) Function dist/utils.js package.json via @storybook/addon-a11y@7.0.2, @storybook/addon-actions@7.0.2, @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/addon-storysource@7.0.2, @storybook/react-webpack5@7.0.2
@yarnpkg/lockfile@1.1.0 (added) Function index.js package.json via patch-package@6.4.7
ajv@6.12.6 (added) Function dist/ajv.bundle.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2, @storybook/react-webpack5@7.0.2, babel-eslint@10.1.0, babel-loader@8.2.2, chromatic@5.9.2, eslint@7.32.0, eslint-plugin-storybook@0.6.11
ajv@6.12.6 (added) Function lib/compile/index.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2, @storybook/react-webpack5@7.0.2, babel-eslint@10.1.0, babel-loader@8.2.2, chromatic@5.9.2, eslint@7.32.0, eslint-plugin-storybook@0.6.11
ajv@8.11.0 (added) Function dist/compile/index.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2
ajv@8.11.0 (added) Function dist/compile/jtd/parse.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2
ajv@8.11.0 (added) Function dist/compile/jtd/serialize.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2
ajv@8.12.0 (added) Function dist/compile/index.js package.json via @storybook/react-webpack5@7.0.2
ajv@8.12.0 (added) Function dist/compile/jtd/parse.js package.json via @storybook/react-webpack5@7.0.2
core-js@3.17.3 (added) Function internals/async-iterator-prototype.js package.json via @babel/node@7.15.4
core-js@3.17.3 (added) Function internals/function-bind.js package.json via @babel/node@7.15.4
core-js@3.17.3 (added) Function internals/task.js package.json via @babel/node@7.15.4
core-js@3.17.3 (added) Function modules/web.timers.js package.json via @babel/node@7.15.4
core-js-pure@3.29.0 (added) Function internals/async-iterator-prototype.js package.json via @storybook/eslint-config-storybook@3.1.2, @storybook/linter-config@3.1.2, @storybook/react-webpack5@7.0.2
depd@2.0.0 (added) Function index.js package.json via @storybook/react-webpack5@7.0.2, storybook@7.0.2
ejs@3.1.8 (added) Function ejs-v3.1.8/ejs.js package.json via storybook@7.0.2
ejs@3.1.8 (added) Function ejs-v3.1.8/ejs.min.js package.json via storybook@7.0.2
ejs@3.1.8 (added) Function ejs-v3.1.8/lib/ejs.js package.json via storybook@7.0.2
envinfo@7.8.1 (added) Function dist/envinfo.js package.json via storybook@7.0.2
handlebars@4.7.7 (added) Function dist/cjs/handlebars/compiler/javascript-compiler.js package.json via @storybook/addon-docs@7.0.2, @storybook/addon-essentials@7.0.2, @storybook/react@7.0.2, @storybook/react-webpack5@7.0.2, storybook@7.0.2
handlebars@4.7.7 (added) Function dist/handlebars.amd.js package.json via [@storybook/addon-docs@7.0.2](https://socket.dev/npm/package/@storybook/add
github-actions[bot] commented 1 year ago

:rocket: PR was released in v7.15.9 :rocket: