-
-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
npm audit fix fails with severity high because of dependency markdown-to-jsx #10871
Comments
Yowza!! I just released https://github.com/storybookjs/storybook/releases/tag/v6.0.0-beta.13 containing PR #10873 that references this issue. Upgrade today to try it out! You can find this prerelease on the Closing this issue. Please re-open if you think there's still more to do. |
Yippee!! I just released https://github.com/storybookjs/storybook/releases/tag/v5.3.19 containing PR #10873 that references this issue. Upgrade today to try it out! |
I'm still seeing this as an issue in 5.3.19 even after uninstalling and reinstalling @storybook/react. Both @storybook/ui and @storybook/components depends on this and it's still causing a vulnerability. And looking at the link provided by npm audit, it says there is no fix available and that this still affects 6.11.4. It seems that the only way to fix it would be to downgrade the version of markdown-to-jsx |
Looks like Will upgrade when ready |
Looks like the fix in v6.11.4 from |
@msvivianso thanks so much for letting me know. 🙏 closing! |
Describe the bug
Result of npm audit
To Reproduce
Steps to reproduce the behavior:
Additional context
Even if it is a static content deployment at the end, it is still relevant if any other systems are available by the same domain.
Currently this issue is a show stopper for all public facing installations
The text was updated successfully, but these errors were encountered: