Describe the bug
I recently ran npm audit and discovered 4 high severity vulnerabilities in my project's dependencies. This is a critical security issue that needs to be addressed immediately.
To Reproduce
Steps to reproduce the behavior:
1. Go to the terminal where you cloned the repo.
2. Run git checkout main
3. Run npm audit
4. Note the error on the CLI screen, as below
# npm audit report
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install storybook@6.5.16, which is a breaking change
node_modules/ip
@storybook/core-server *
Depends on vulnerable versions of ip
node_modules/@storybook/core-server
@storybook/cli <=0.0.0-pr-27418-sha-ab9c6633 || >=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/cli
storybook <=0.0.0-pr-27418-sha-ab9c6633 || >=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/cli
node_modules/storybook
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
Expected behavior
There should not be any high-risk vulnerabilities
Screenshots
Desktop (please complete the following information):
OS: macOS Catalina
Browser Chrome
Version 0.8.0
node 18.1
I tried to use the latest storybook version on an empty npm package and I still get the same vulnerabilities
➜ storybook-test npm audit report
# npm audit report
ip *
Severity: high
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix --force`
Will install storybook@6.5.16, which is a breaking change
node_modules/ip
@storybook/core-server *
Depends on vulnerable versions of ip
node_modules/@storybook/core-server
@storybook/cli <=0.0.0-pr-27522-sha-b32386a1 ||>=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/core-server
node_modules/@storybook/cli
storybook <=0.0.0-pr-27522-sha-b32386a1 ||>=6.5.17-alpha.0
Depends on vulnerable versions of @storybook/cli
node_modules/storybook
4 high severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
As storybook is currently not a hard dependency for PSAT, I am going to temporarily remove the storybook package dependencies from package.json until it is fixed in the upcoming storybook version, or we have a solution for it.
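The reports in this thread count four high severity entries, but their "Depends on vulnerable versions of" lines trace all four back to the single advisory in `ip`. As an added example (not part of the original thread or of the project's code), this Node.js script collapses `npm audit --json` output into its root advisories and the direct dependencies that pull them in. The sample report is constructed to mirror the one above; the helper names `dep` and `rootAdvisories` and the `isDirect` values are assumptions.

```javascript
// Added example: reduce `npm audit --json` (auditReportVersion 2) output to
// root advisories plus the direct dependencies that drag them in.

// Helper for building the constructed sample below (hypothetical name).
const dep = (name, via, effects, isDirect = false) =>
  ({ name, severity: "high", isDirect, via, effects });

// Constructed sample mirroring the report in this issue. The isDirect flags
// are assumptions, not values taken from the issue.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    ip: dep("ip", [{ name: "ip", severity: "high",
      title: "ip SSRF improper categorization in isPublic",
      url: "https://github.com/advisories/GHSA-2p57-rm9w-gvfp" }],
      ["@storybook/core-server"]),
    "@storybook/core-server": dep("@storybook/core-server", ["ip"], ["@storybook/cli"]),
    "@storybook/cli": dep("@storybook/cli", ["@storybook/core-server"], ["storybook"]),
    storybook: dep("storybook", ["@storybook/cli"], [], true),
  },
};

function rootAdvisories(report) {
  const vulns = report.vulnerabilities || {};
  const roots = [];
  for (const entry of Object.values(vulns)) {
    // Objects in `via` are advisories; strings name another vulnerable package.
    for (const advisory of (entry.via || []).filter((v) => typeof v === "object")) {
      // Breadth-first walk along `effects` to collect every dependent package.
      const seen = new Set([entry.name]);
      const queue = [entry.name];
      while (queue.length > 0) {
        for (const dependent of (vulns[queue.shift()] || {}).effects || []) {
          if (!seen.has(dependent)) { seen.add(dependent); queue.push(dependent); }
        }
      }
      const affected = [...seen];
      roots.push({
        url: advisory.url, title: advisory.title, package: entry.name,
        affected, direct: affected.filter((n) => vulns[n] && vulns[n].isDirect),
      });
    }
  }
  return roots;
}

console.log(JSON.stringify(rootAdvisories(sampleReport), null, 2));
```

To run it on a real project, replace `sampleReport` with the parsed output of `npm audit --json`.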