Closed Tobi-mmt closed 2 years ago
This is an issue for me as well.
This library is about interfacing with MDX1. For MDX2 there is a separate library https://github.com/storybookjs/mdx2-csf
Storybook itself will be upgrading to MDX2 in 7.0 (breaking change) which will fix the security audit.
Closing this for now.
Describe the bug This project has a critical security issue.
It is currently using
@mdx-js/mdx
in version 1.x which usesremark-parse
which uses an insecuretrim
version. E.g. updating to@mdx-js/mdx
version 2.x will fix that security issue.To Reproduce Steps to reproduce the behavior:
npm init
npm install --save @storybook/mdx1-csf
npm audit
Expected behavior No security issues in
@storybook/mdx1-csf
Screenshots