Open ahayes91 opened 2 days ago
Describe the bug

Hey folks! We're seeing high vulnerabilities reported by Snyk related to the version of express being used here, could we safely update it to the latest 4.21.0 minor version (or maybe even the next major version)?

https://www.cve.org/CVERecord?id=CVE-2024-45590 describes the vulnerability, and it looks like express internally updated the body-parser dependency already in https://github.com/expressjs/express/pull/5926

Thank you!

Reproduction link

https://www.cve.org/CVERecord?id=CVE-2024-45590

Reproduction steps

N/A

System

Storybook Environment Info:
  System:
    OS: macOS 14.6.1
    CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.19.1 - ~/Library/Caches/fnm_multishells/1473_1727252379074/bin/node
    Yarn: 1.22.22 - ~/Library/Caches/fnm_multishells/1473_1727252379074/bin/yarn
    npm: 10.2.4 - ~/Library/Caches/fnm_multishells/1473_1727252379074/bin/npm <----- active
    pnpm: 9.1.0 - ~/Library/Caches/fnm_multishells/1473_1727252379074/bin/pnpm
  Browsers:
    Chrome: 129.0.6668.60
    Safari: 17.6
  npmPackages:
    @storybook/blocks: 8.3.2 => 8.3.2
    @storybook/react: 8.3.2 => 8.3.2
    eslint-plugin-storybook: 0.8.0 => 0.8.0

Additional context

No response
I would also appreciate an update on this 👍
https://github.com/storybookjs/storybook/pull/29079 should sort this actually!