search

storybookjs / mdx1-csf

MDX to CSF compiler using MDXv1
MIT License
4 stars 12 forks source link

Upgrade to SB7.0 #22

Closed shilman closed 1 year ago

shilman commented 1 year ago

Update version dependency to point include 7.0 support. Will publish a major release as a follow-on step next week.

📦 Published PR as canary version: 0.0.5--canary.22.909f1b7.0
:sparkles: Test out this PR locally via: ```bash npm install @storybook/mdx1-csf@0.0.5--canary.22.909f1b7.0 # or yarn add @storybook/mdx1-csf@0.0.5--canary.22.909f1b7.0 ```

Version

Published prerelease version: v1.0.0-next.3

Changelog #### 💥 Breaking Change - Update to 7.0 / mdx2-csf structure [#19](https://github.com/storybookjs/mdx1-csf/pull/19) ([@shilman](https://github.com/shilman)) #### 🐛 Bug Fix - Upgrade to SB7.0 [#22](https://github.com/storybookjs/mdx1-csf/pull/22) ([@shilman](https://github.com/shilman)) - Throw descriptive error when 'of' prop is detected [#21](https://github.com/storybookjs/mdx1-csf/pull/21) ([@JReinhold](https://github.com/JReinhold)) - Move mdx import out of loader into compile [#20](https://github.com/storybookjs/mdx1-csf/pull/20) ([@shilman](https://github.com/shilman)) - ReDoS attack patch [#17](https://github.com/storybookjs/mdx1-csf/pull/17) ([@iarmbears](https://github.com/iarmbears)) #### Authors: 3 - [@iarmbears](https://github.com/iarmbears) - Jeppe Reinhold ([@JReinhold](https://github.com/JReinhold)) - Michael Shilman ([@shilman](https://github.com/shilman))
socket-security[bot] commented 1 year ago

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore esbuild@0.17.14
  • @SocketSecurity ignore babel-plugin-istanbul@6.1.1
  • @SocketSecurity ignore commander@2.20.3
  • @SocketSecurity ignore commander@9.5.0
  • @SocketSecurity ignore cross-spawn@7.0.3
  • @SocketSecurity ignore envinfo@7.8.1
  • @SocketSecurity ignore execa@5.1.1
  • @SocketSecurity ignore fb-watchman@2.0.2
  • @SocketSecurity ignore gitlog@4.0.4
  • @SocketSecurity ignore jake@10.8.5
  • @SocketSecurity ignore jest-worker@27.5.1
  • @SocketSecurity ignore jscodeshift@0.14.0
  • @SocketSecurity ignore jsdom@16.7.0
  • @SocketSecurity ignore pidtree@0.6.0
  • @SocketSecurity ignore requireg@0.2.2
  • @SocketSecurity ignore shelljs@0.8.5
  • @SocketSecurity ignore tree-kill@1.2.2
  • @SocketSecurity ignore ts-node@10.9.1
  • @SocketSecurity ignore typescript@4.9.4
  • @SocketSecurity ignore update-browserslist-db@1.0.10
  • @SocketSecurity ignore webpack@5.75.0
  • @SocketSecurity ignore ajv@6.12.6
  • @SocketSecurity ignore depd@2.0.0
  • @SocketSecurity ignore ejs@3.1.8
  • @SocketSecurity ignore expect@27.5.1
  • @SocketSecurity ignore handlebars@4.7.7
  • @SocketSecurity ignore is-callable@1.2.7
  • @SocketSecurity ignore jest-diff@27.5.1
  • @SocketSecurity ignore js-yaml@3.14.1
  • @SocketSecurity ignore lodash@4.17.21
  • @SocketSecurity ignore object-inspect@1.12.3
  • @SocketSecurity ignore prettier@2.8.3
  • @SocketSecurity ignore pretty-format@27.5.1
  • @SocketSecurity ignore rollup@3.10.1
  • @SocketSecurity ignore telejson@7.0.4
  • @SocketSecurity ignore tsup@6.5.0
  • @SocketSecurity ignore uglify-js@3.17.4
  • @SocketSecurity ignore await-to-js@3.0.0
  • @SocketSecurity ignore bottleneck@2.19.5
  • @SocketSecurity ignore get-intrinsic@1.2.0
  • @SocketSecurity ignore loader-runner@4.3.0
📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package Script field Source
esbuild@0.17.14 (upgraded) postinstall package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0, tsup@6.5.0
⚠️ Shell access

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Package Module Location Source
babel-plugin-istanbul@6.1.1 (added) child_process lib/index.js package.json via @storybook/addon-essentials@7.0.0, babel-jest@27.5.1, jest@27.5.1, ts-jest@27.1.5
commander@2.20.3 (upgraded) child_process index.js package.json via @storybook/react-webpack5@7.0.0, babel-loader@8.3.0
commander@9.5.0 (upgraded) child_process lib/command.js package.json via lint-staged@13.1.0
cross-spawn@7.0.3 (added) child_process index.js package.json via @storybook/react-webpack5@7.0.0, auto@10.37.6, jest@27.5.1, lint-staged@13.1.0, storybook@7.0.0, ts-jest@27.1.5, tsup@6.5.0
envinfo@7.8.1 (added) child_process dist/envinfo.js package.json via storybook@7.0.0
esbuild@0.17.14 (upgraded) child_process install.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0, tsup@6.5.0
esbuild@0.17.14 (upgraded) child_process lib/main.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0, tsup@6.5.0
execa@5.1.1 (added) child_process index.js package.json via auto@10.37.6, jest@27.5.1, storybook@7.0.0, ts-jest@27.1.5, tsup@6.5.0
fb-watchman@2.0.2 (added) child_process index.js package.json via @storybook/addon-essentials@7.0.0, babel-jest@27.5.1, jest@27.5.1, ts-jest@27.1.5
gitlog@4.0.4 (added) child_process dist/gitlog.cjs.development.js package.json via auto@10.37.6
gitlog@4.0.4 (added) child_process dist/gitlog.cjs.production.min.js package.json via auto@10.37.6
gitlog@4.0.4 (added) child_process dist/gitlog.esm.js package.json via auto@10.37.6
jake@10.8.5 (added) child_process jake-v10.8.5/jakefile.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/lib/package_task.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/lib/publish_task.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/lib/utils/index.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/concurrent.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/file_task.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/file.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/helpers.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/jakelib/rule.jake.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/publish_task.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/rule.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/selfdep.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/task_base.js package.json via storybook@7.0.0
jake@10.8.5 (added) child_process jake-v10.8.5/test/integration/task_base.js package.json via storybook@7.0.0
jest-worker@27.5.1 (upgraded) child_process build/workers/ChildProcessWorker.js package.json via @storybook/react-webpack5@7.0.0, babel-jest@27.5.1, babel-loader@8.3.0, jest@27.5.1, ts-jest@27.1.5
jscodeshift@0.14.0 (upgraded) child_process dist/Runner.js package.json via storybook@7.0.0
jscodeshift@0.14.0 (upgraded) child_process src/Runner.js package.json via storybook@7.0.0
jsdom@16.7.0 (added) child_process lib/jsdom/living/xhr/XMLHttpRequest-impl.js package.json via jest@27.5.1, jest-environment-jsdom@27.5.1, ts-jest@27.1.5
pidtree@0.6.0 (added) child_process lib/bin.js package.json via lint-staged@13.1.0
requireg@0.2.2 (added) child_process lib/resolvers.js package.json via auto@10.37.6
shelljs@0.8.5 (added) child_process src/exec-child.js package.json via storybook@7.0.0
shelljs@0.8.5 (added) child_process src/exec.js package.json via storybook@7.0.0
tree-kill@1.2.2 (added) child_process index.js package.json via concurrently@7.6.0, tsup@6.5.0
ts-node@10.9.1 (added) child_process dist/child/spawn-child.js package.json via auto@10.37.6, jest@27.5.1, ts-jest@27.1.5, tsup@6.5.0
typescript@4.9.4 (added) child_process lib/tsserver.js package.json via @storybook/react-webpack5@7.0.0, auto@10.37.6, jest@27.5.1, ts-jest@27.1.5, tsup@6.5.0
typescript@4.9.4 (added) child_process lib/tsserver.js package.json via @storybook/react-webpack5@7.0.0, auto@10.37.6, jest@27.5.1, ts-jest@27.1.5, tsup@6.5.0
update-browserslist-db@1.0.10 (added) child_process check-npm-version.js package.json via @babel/core@7.20.12, @babel/preset-env@7.20.2, @babel/preset-react@7.18.6, @babel/preset-typescript@7.18.6, @mdx-js/mdx@1.6.22, @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, babel-jest@27.5.1, babel-loader@8.3.0, jest@27.5.1, storybook@7.0.0, ts-jest@27.1.5
update-browserslist-db@1.0.10 (added) child_process index.js package.json via @babel/core@7.20.12, @babel/preset-env@7.20.2, @babel/preset-react@7.18.6, @babel/preset-typescript@7.18.6, @mdx-js/mdx@1.6.22, @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, babel-jest@27.5.1, babel-loader@8.3.0, jest@27.5.1, storybook@7.0.0, ts-jest@27.1.5
webpack@5.75.0 (added) child_process bin/webpack.js package.json via @storybook/react-webpack5@7.0.0, babel-loader@8.3.0
⚠️ Uses eval

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Package Eval Type Location Source
ajv@6.12.6 (added) Function dist/ajv.bundle.js package.json via @storybook/react-webpack5@7.0.0, babel-loader@8.3.0
ajv@6.12.6 (added) Function lib/compile/index.js package.json via @storybook/react-webpack5@7.0.0, babel-loader@8.3.0
depd@2.0.0 (added) Function index.js package.json via @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, storybook@7.0.0
ejs@3.1.8 (added) Function ejs-v3.1.8/ejs.js package.json via storybook@7.0.0
ejs@3.1.8 (added) Function ejs-v3.1.8/ejs.js package.json via storybook@7.0.0
ejs@3.1.8 (added) Function ejs-v3.1.8/ejs.min.js package.json via storybook@7.0.0
ejs@3.1.8 (added) Function ejs-v3.1.8/ejs.min.js package.json via storybook@7.0.0
ejs@3.1.8 (added) Function ejs-v3.1.8/lib/ejs.js package.json via storybook@7.0.0
ejs@3.1.8 (added) Function ejs-v3.1.8/lib/ejs.js package.json via storybook@7.0.0
envinfo@7.8.1 (added) Function dist/envinfo.js package.json via storybook@7.0.0
envinfo@7.8.1 (added) Function dist/envinfo.js package.json via storybook@7.0.0
expect@27.5.1 (added) Function build/index.js package.json via jest@27.5.1, ts-jest@27.1.5
expect@27.5.1 (added) Function build/index.js package.json via jest@27.5.1, ts-jest@27.1.5
expect@27.5.1 (added) Function build/index.js package.json via jest@27.5.1, ts-jest@27.1.5
expect@27.5.1 (added) Function build/utils.js package.json via jest@27.5.1, ts-jest@27.1.5
handlebars@4.7.7 (added) Function dist/cjs/handlebars/compiler/javascript-compiler.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0
handlebars@4.7.7 (added) Function dist/cjs/handlebars/compiler/javascript-compiler.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0
handlebars@4.7.7 (added) Function dist/handlebars.amd.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0
handlebars@4.7.7 (added) Function dist/handlebars.amd.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0
handlebars@4.7.7 (added) Function dist/handlebars.amd.min.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0
handlebars@4.7.7 (added) Function dist/handlebars.amd.min.js package.json via @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, storybook@7.0.0
is-callable@1.2.7 (added) Function test/index.js package.json via @storybook/addon-essentials@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, storybook@7.0.0
is-callable@1.2.7 (added) Function test/index.js package.json via @storybook/addon-essentials@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, storybook@7.0.0
jest-diff@27.5.1 (added) Function build/index.js package.json via @types/jest@27.5.2, jest@27.5.1, ts-jest@27.1.5
js-yaml@3.14.1 (added) Function dist/js-yaml.js package.json via @storybook/addon-essentials@7.0.0, babel-jest@27.5.1, jest@27.5.1, ts-jest@27.1.5
js-yaml@3.14.1 (added) Function dist/js-yaml.js package.json via @storybook/addon-essentials@7.0.0, babel-jest@27.5.1, jest@27.5.1, ts-jest@27.1.5
js-yaml@3.14.1 (added) Function lib/js-yaml/type/js/function.js package.json via @storybook/addon-essentials@7.0.0, babel-jest@27.5.1, jest@27.5.1, ts-jest@27.1.5
js-yaml@3.14.1 (added) Function lib/js-yaml/type/js/function.js package.json via @storybook/addon-essentials@7.0.0, babel-jest@27.5.1, jest@27.5.1, ts-jest@27.1.5
jsdom@16.7.0 (added) Function lib/jsdom/living/helpers/create-event-accessor.js package.json via jest@27.5.1, jest-environment-jsdom@27.5.1, ts-jest@27.1.5
jsdom@16.7.0 (added) Function lib/jsdom/vm-shim.js package.json via jest@27.5.1, jest-environment-jsdom@27.5.1, ts-jest@27.1.5
lodash@4.17.21 (added) Function _root.js package.json via @mdx-js/mdx@1.6.22, @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, concurrently@7.6.0, jest@27.5.1, jest-environment-jsdom@27.5.1, storybook@7.0.0, ts-jest@27.1.5
lodash@4.17.21 (added) Function template.js package.json via @mdx-js/mdx@1.6.22, @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, concurrently@7.6.0, jest@27.5.1, jest-environment-jsdom@27.5.1, storybook@7.0.0, ts-jest@27.1.5
object-inspect@1.12.3 (added) Function test/bigint.js package.json via @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, lint-staged@13.1.0, storybook@7.0.0
object-inspect@1.12.3 (added) Function test/bigint.js package.json via @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, lint-staged@13.1.0, storybook@7.0.0
object-inspect@1.12.3 (added) Function test/bigint.js package.json via @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, lint-staged@13.1.0, storybook@7.0.0
prettier@2.8.3 (added) Function cli.js package.json via storybook@7.0.0
pretty-format@27.5.1 (added) Function build/plugins/AsymmetricMatcher.js package.json via @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, @types/jest@27.5.2, jest@27.5.1, jest-environment-jsdom@27.5.1, ts-jest@27.1.5
pretty-format@27.5.1 (added) Function build/plugins/ReactTestComponent.js package.json via @storybook/testing-library@0.0.14-next.1, @testing-library/dom@8.20.0, @testing-library/react@12.1.5, @testing-library/user-event@13.5.0, @types/jest@27.5.2, jest@27.5.1, jest-environment-jsdom@27.5.1, ts-jest@27.1.5
rollup@3.10.1 (added) Function dist/shared/loadConfigFile.js package.json via tsup@6.5.0
rollup@3.10.1 (added) Function dist/shared/loadConfigFile.js package.json via tsup@6.5.0
telejson@7.0.4 (added) Function dist/index.js package.json via @storybook/addon-actions@7.0.0, @storybook/addon-essentials@7.0.0, @storybook/addon-interactions@7.0.0, @storybook/addon-links@7.0.0, @storybook/react@7.0.0, @storybook/react-webpack5@7.0.0, @storybook/testing-library@0.0.14-next.1, storybook@7.0.0
telejson@7.0.4 (added) Function dist/index.js package.json via [@storybook/addon-actions