4 High Severity Vulnerabilities with npm audit #701

Closed
milindmore22 opened this issue Jun 3, 2024 · 2 comments · Fixed by #702

milindmore22 (Collaborator) commented Jun 3, 2024

Describe the bug
I recently ran npm audit and discovered 4 high severity vulnerabilities in my project's dependencies. This is a critical security issue that needs to be addressed immediately.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the terminal where you cloned the repo.
  2. Run `git checkout main`.
  3. Run `npm audit`.
  4. Note the error on the CLI screen, as below:
# npm audit report
ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install storybook@6.5.16, which is a breaking change
node_modules/ip
  @storybook/core-server  *
  Depends on vulnerable versions of ip
  node_modules/@storybook/core-server
    @storybook/cli  <=0.0.0-pr-27418-sha-ab9c6633 || >=6.5.17-alpha.0
    Depends on vulnerable versions of @storybook/core-server
    node_modules/@storybook/cli
      storybook  <=0.0.0-pr-27418-sha-ab9c6633 || >=6.5.17-alpha.0
      Depends on vulnerable versions of @storybook/cli
      node_modules/storybook

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Expected behavior
There should not be any high-risk vulnerabilities.

Screenshots
[Screenshot attached: Screen Shot 2024-06-03 at 3 27 05 PM]

Desktop (please complete the following information):

  • OS: macOS Catalina
  • Browser: Chrome
  • Version: 0.8.0
  • Node: 18.1

milindmore22 added the bug (Something isn't working) label Jun 3, 2024
maitreyie-chavan added the P0 (Highest priority) label Jun 3, 2024
maitreyie-chavan added this to the v1.0.0 milestone Jun 3, 2024
mohdsayed (Collaborator) commented Jun 4, 2024

  1. `npm run fix --force` is unable to fix it.
  2. I tried to use the latest storybook version on an empty npm package and I still get the same vulnerabilities:
➜  storybook-test npm audit report
# npm audit report

ip  *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install storybook@6.5.16, which is a breaking change
node_modules/ip
  @storybook/core-server  *
  Depends on vulnerable versions of ip
  node_modules/@storybook/core-server
    @storybook/cli  <=0.0.0-pr-27522-sha-b32386a1 || >=6.5.17-alpha.0
    Depends on vulnerable versions of @storybook/core-server
    node_modules/@storybook/cli
      storybook  <=0.0.0-pr-27522-sha-b32386a1 || >=6.5.17-alpha.0
      Depends on vulnerable versions of @storybook/cli
      node_modules/storybook

4 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

It appears that this needs to be fixed in storybook.
Related: storybookjs/storybook#26014

As storybook is currently not a hard dependency for PSAT, I am going to temporarily remove the storybook package dependencies from package.json until it is fixed in the upcoming storybook version, or we have a solution for it.
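Added example, not code from the thread or from the PSAT repository: a Node script that triages an `npm audit --json` report (npm 7+ `auditReportVersion: 2` format) by following each advisory up the `effects` chain to the direct dependency that pulls it in, and flagging when the only fix npm offers is a semver-major (breaking) upgrade, which is exactly the situation reported above. `SAMPLE_AUDIT` is a constructed report mirroring the chain in the thread (`ip` via `@storybook/core-server`, `@storybook/cli`, `storybook`); the helper names `vuln`, `rootsFor` and `triage` are this example's own.

```javascript
// Triage an npm 7+ `npm audit --json` report: map each advisory to the direct
// dependencies that pull it in and flag breaking-only fixes.
// SAMPLE_AUDIT is CONSTRUCTED to mirror the chain shown in the issue:
// ip -> @storybook/core-server -> @storybook/cli -> storybook.
const vuln = (name, via, effects, isDirect) => ({
  name, severity: "high", isDirect, via, effects, range: "*",
  fixAvailable: { name: "storybook", version: "6.5.16", isSemVerMajor: true },
});
const ADVISORY = { name: "ip", dependency: "ip", severity: "high", range: "*",
  title: "ip SSRF improper categorization in isPublic",
  url: "https://github.com/advisories/GHSA-2p57-rm9w-gvfp" };
const SAMPLE_AUDIT = { auditReportVersion: 2, vulnerabilities: {
  ip: vuln("ip", [ADVISORY], ["@storybook/core-server"], false),
  "@storybook/core-server": vuln("@storybook/core-server", ["ip"], ["@storybook/cli"], false),
  "@storybook/cli": vuln("@storybook/cli", ["@storybook/core-server"], ["storybook"], false),
  storybook: vuln("storybook", ["@storybook/cli"], [], true),
} };

// Follow `effects` upward from `name` until reaching packages that package.json
// lists directly (isDirect) or that nothing else depends on. `seen` is copied
// per path, so a cycle stops recursion without hiding a diamond's second root.
function rootsFor(report, name, seen = new Set()) {
  if (seen.has(name)) return [];
  const node = report.vulnerabilities[name];
  if (!node || node.isDirect || node.effects.length === 0) return [name];
  const next = new Set(seen).add(name);
  return [...new Set(node.effects.flatMap((e) => rootsFor(report, e, next)))];
}

// One finding per advisory. Entries in `via` are either advisory objects or
// plain strings naming another vulnerable node; only the objects are findings.
function triage(report) {
  if (report.auditReportVersion !== 2) throw new Error("expected an npm 7+ JSON audit report");
  const findings = [];
  for (const node of Object.values(report.vulnerabilities)) {
    for (const v of node.via) {
      if (typeof v !== "object") continue;
      const fix = node.fixAvailable;
      findings.push({
        advisory: v.title, url: v.url, severity: v.severity, package: node.name,
        roots: rootsFor(report, node.name),
        fixIsBreaking: typeof fix === "object" && fix.isSemVerMajor === true,
        noFix: fix === false,
      });
    }
  }
  return findings;
}

console.log(JSON.stringify(triage(SAMPLE_AUDIT), null, 2));
```

Feed it a real report with `npm audit --json > audit.json` and `JSON.parse(fs.readFileSync("audit.json"))` in place of `SAMPLE_AUDIT`; a finding whose only roots are devDependencies and whose fix is breaking is the case where removing or pinning the dev tool, as done here, is the pragmatic short-term mitigation.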

milindmore22 (Collaborator, Author) commented

Checked. Looks good 👍🏼
