Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump trim, @storybook/addon-essentials, @storybook/builder-vite, @storybook/react and @storybook/test-runner #293

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): bump trim, @storybook/addon-essentials, @storybook/builder-vite, @storybook/react and @storybook/test-runner #293

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 12, 2023
edited
Loading

Removes trim. It's no longer used after updating ancestor dependencies trim, @storybook/addon-essentials, @storybook/builder-vite, @storybook/react and @storybook/test-runner. These dependencies need to be updated together.

Removes trim

Updates @storybook/addon-essentials from 6.5.14 to 7.0.4

Release notes

Sourced from @​storybook/addon-essentials's releases.

v7.0.4

Storybook 7.0 is here! 🎉

7.0 contains hundreds more fixes, features, and tweaks. Browse the changelogs matching 7.0.0-alpha.*, 7.0.0-beta.*, and 7.0.0-rc.* for the full list of changes.

See our Migration guide to upgrade from earlier versions of Storybook.

Bug Fixes

  • CLI: Catch errors thrown on sanity check of SB installs #22039

Dependency Upgrades

  • Addon-docs: Remove mdx1-csf as optional peer dep #22038

v7.0.3

Bug Fixes

  • React: Fix default export docgen for React.FC and forwardRef #22024
  • Viewport: Remove transitions when switching viewports #21963
  • CLI: Fix JsPackageManager typo #22006
  • Viewport: Fix the defaultOrientation config option #21962
  • UI: Fix story data access for broken About page #21951
  • Angular: Fix components disappearing on docs page on property change #21944
  • React: Don't show decorators in JSX snippets #21907
  • Addon-docs: Include decorators by default in source decorators #21902
  • CLI: Fix npm list command #21947
  • Core: Revert Emotion :first-child (etc) workarounds #21213

Maintenance

  • UI: Add remount story shortcut #21401
  • Telemetry: Add CLI version to context #21999
  • CLI: Update template code references to 7.0 #21845
  • Addon-actions: Fix non-included type file #21922
  • Addon GFM: Fix node-logger dependency #21938

Dependency Upgrades

... (truncated)

Commits
  • c2bbe43 stage0
  • ba3aa9e Update git head to 7.0.0-alpha.13, update yarn.lock
  • 9ac4d2e v7.0.0-alpha.13
  • 92eb893 Update git head to 7.0.0-alpha.12, update yarn.lock
  • 5070eff v7.0.0-alpha.12
  • 0bcc17b Update git head to 7.0.0-alpha.11, update yarn.lock
  • 688d338 v7.0.0-alpha.11
  • a5c35e1 improvements to setup
  • 17801df Update git head to 7.0.0-alpha.10, update yarn.lock
  • b13dd8f v7.0.0-alpha.10
  • Additional commits viewable in compare view

Updates @storybook/builder-vite from 0.2.5 to 7.0.4

Release notes

Sourced from @​storybook/builder-vite's releases.

v7.0.4

Storybook 7.0 is here! 🎉

7.0 contains hundreds more fixes, features, and tweaks. Browse the changelogs matching 7.0.0-alpha.*, 7.0.0-beta.*, and 7.0.0-rc.* for the full list of changes.

See our Migration guide to upgrade from earlier versions of Storybook.

Bug Fixes

  • CLI: Catch errors thrown on sanity check of SB installs #22039

Dependency Upgrades

  • Addon-docs: Remove mdx1-csf as optional peer dep #22038

v7.0.3

Bug Fixes

  • React: Fix default export docgen for React.FC and forwardRef #22024
  • Viewport: Remove transitions when switching viewports #21963
  • CLI: Fix JsPackageManager typo #22006
  • Viewport: Fix the defaultOrientation config option #21962
  • UI: Fix story data access for broken About page #21951
  • Angular: Fix components disappearing on docs page on property change #21944
  • React: Don't show decorators in JSX snippets #21907
  • Addon-docs: Include decorators by default in source decorators #21902
  • CLI: Fix npm list command #21947
  • Core: Revert Emotion :first-child (etc) workarounds #21213

Maintenance

  • UI: Add remount story shortcut #21401
  • Telemetry: Add CLI version to context #21999
  • CLI: Update template code references to 7.0 #21845
  • Addon-actions: Fix non-included type file #21922
  • Addon GFM: Fix node-logger dependency #21938

Dependency Upgrades

... (truncated)

Changelog

Sourced from @​storybook/builder-vite's changelog.

5.3.7 (January 20, 2020)

Bug Fixes

  • Node-logger: Move @types/npmlog to dependencies (#9538)
  • Core: Fix legacy story URLs (#9545)
  • Addon-docs: Convert default prop value to string (#9525)
  • Addon-docs: Preserve Source indentation by default (#9513)

5.3.6 (January 17, 2020)

Bug Fixes

  • Source-loader: Bypass if file has no exports (#9505)
  • Core: Fix default sorting of docs-only stories (#9504)

5.3.5 (January 17, 2020)

Bug Fixes

  • Core: Fix typo for loading addon-notes/register-panel (#9497)
  • Source-loader: Add imports to top of file (#9492)

5.3.4 (January 16, 2020)

Bug Fixes

  • Core: Fix presets register panel (#9486)
  • Core: Fix addon/preset detection for local addons (#9485)
  • Core: Fix default story sort (#9482)

5.3.3 (January 14, 2020)

Bug Fixes

  • UI: Fix edge case where only one legacy separator is defined (#9425)
  • Core: Preserve kind load order on HMR when no sortFn is provided (#9424)
  • Angular: Fix missing architect properties (#9390)
  • Addon-knobs: Fix null knob values in select (#9416)
  • Source-loader: Disable linting altogether (#9417)

5.3.2 (January 13, 2020)

Bug Fixes

  • Source-loader: Disable eslint entirely for generated code (#9410)

5.3.1 (January 12, 2020)

Bug Fixes

... (truncated)

Commits

Updates @storybook/react from 6.5.14 to 7.0.4

Release notes

Sourced from @​storybook/react's releases.

v7.0.4

Storybook 7.0 is here! 🎉

7.0 contains hundreds more fixes, features, and tweaks. Browse the changelogs matching 7.0.0-alpha.*, 7.0.0-beta.*, and 7.0.0-rc.* for the full list of changes.

See our Migration guide to upgrade from earlier versions of Storybook.

Bug Fixes

  • CLI: Catch errors thrown on sanity check of SB installs #22039

Dependency Upgrades

  • Addon-docs: Remove mdx1-csf as optional peer dep #22038

v7.0.3

Bug Fixes

  • React: Fix default export docgen for React.FC and forwardRef #22024
  • Viewport: Remove transitions when switching viewports #21963
  • CLI: Fix JsPackageManager typo #22006
  • Viewport: Fix the defaultOrientation config option #21962
  • UI: Fix story data access for broken About page #21951
  • Angular: Fix components disappearing on docs page on property change #21944
  • React: Don't show decorators in JSX snippets #21907
  • Addon-docs: Include decorators by default in source decorators #21902
  • CLI: Fix npm list command #21947
  • Core: Revert Emotion :first-child (etc) workarounds #21213

Maintenance

  • UI: Add remount story shortcut #21401
  • Telemetry: Add CLI version to context #21999
  • CLI: Update template code references to 7.0 #21845
  • Addon-actions: Fix non-included type file #21922
  • Addon GFM: Fix node-logger dependency #21938

Dependency Upgrades

... (truncated)

Commits
  • c2bbe43 stage0
  • 057c401 Merge branch 'future/base' into future/drop-emotion-10-types
  • e21f96e Move DocsRenderer back to addon-docs
  • ba3aa9e Update git head to 7.0.0-alpha.13, update yarn.lock
  • 9ac4d2e v7.0.0-alpha.13
  • 92eb893 Update git head to 7.0.0-alpha.12, update yarn.lock
  • 5070eff v7.0.0-alpha.12
  • 0bcc17b Update git head to 7.0.0-alpha.11, update yarn.lock
  • 688d338 v7.0.0-alpha.11
  • 590cc50 cleanup
  • Additional commits viewable in compare view

Updates @storybook/test-runner from 0.9.1 to 0.10.0

Release notes

Sourced from @​storybook/test-runner's releases.

v0.10.0

🚀 Enhancement

🐛 Bug Fix

📝 Documentation

Authors: 9

v0.10.0-next.13

🚀 Enhancement

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​storybook/test-runner's changelog.

v0.10.0 (Mon Apr 03 2023)

🚀 Enhancement

🐛 Bug Fix

📝 Documentation

Authors: 9

v0.9.4 (Wed Feb 01 2023)

🐛 Bug Fix

... (truncated)

Commits
  • 638623f Bump version to: 0.10.0 [skip ci]
  • 5d81f7a Update CHANGELOG.md [skip ci]
  • 05edda6 Merge pull request #289 from storybookjs/next
  • e4fe17b fix version in support table [skip ci]
  • 15afffc add version support table
  • 666d70c Merge branch 'main' into next [skip ci]
  • 141978d Merge pull request #288 from storybookjs/kasper/update-csf
  • 1b073f4 Bump @​storybook/csf to 0.1.0
  • 519c438 Merge pull request #283 from storybookjs/feat/prepare-for-sb7
  • 2ff4518 support Storybook 7.0.0
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Apr 12, 2023
@socket-security
Copy link

socket-security bot commented Apr 12, 2023
edited
Loading

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package NoteSource
Install scripts npm/@swc/[email protected]
  • Install script: postinstall
  • Source: node postinstall.js

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/trim-and-storybook/addon-essentials-and-storybook/builder-vite-and-storybook/react-and-storybook/test-runner--removed branch from f94987c to 40f670a Compare April 18, 2023 19:57
@alebusse
Copy link
Contributor

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/trim-and-storybook/addon-essentials-and-storybook/builder-vite-and-storybook/react-and-storybook/test-runner--removed branch from 40f670a to a5e90e7 Compare February 14, 2024 21:26
@socket-security Socket Security
Copy link

socket-security bot commented Feb 14, 2024
edited
Loading

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +416 496 MB shilman
npm/@storybook/[email protected] environment, filesystem Transitive: eval, network, shell, unsafe +280 522 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +176 318 MB shilman
npm/@storybook/[email protected] environment Transitive: eval, filesystem, network, shell, unsafe +552 773 MB shilman

🚮 Removed packages: npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected]

View full report↗︎

@alebusse
Copy link
Contributor

@dependabot rebase

@dependabot
chore(deps): bump trim, @storybook/addon-essentials, @storybook/build…
b102d2d 
…er-vite, @storybook/react and @storybook/test-runner

Removes [trim](https://github.com/Trott/trim). It's no longer used after updating ancestor dependencies [trim](https://github.com/Trott/trim), [@storybook/addon-essentials](https://github.com/storybookjs/storybook/tree/HEAD/addons/essentials), [@storybook/builder-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/lib/builder-vite), [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/renderers/react) and [@storybook/test-runner](https://github.com/storybookjs/test-runner). These dependencies need to be updated together.


Removes `trim`

Updates `@storybook/addon-essentials` from 6.5.14 to 7.0.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Commits](https://github.com/storybookjs/storybook/commits/v7.0.4/addons/essentials)

Updates `@storybook/builder-vite` from 0.2.5 to 7.0.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.v1-5.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v7.0.4/code/lib/builder-vite)

Updates `@storybook/react` from 6.5.14 to 7.0.4
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Commits](https://github.com/storybookjs/storybook/commits/v7.0.4/renderers/react)

Updates `@storybook/test-runner` from 0.9.1 to 0.10.0
- [Release notes](https://github.com/storybookjs/test-runner/releases)
- [Changelog](https://github.com/storybookjs/test-runner/blob/future/CHANGELOG.md)
- [Commits](storybookjs/test-runner@v0.9.1...v0.10.0)

---
updated-dependencies:
- dependency-name: trim
  dependency-type: indirect
- dependency-name: "@storybook/addon-essentials"
  dependency-type: direct:development
- dependency-name: "@storybook/builder-vite"
  dependency-type: direct:development
- dependency-name: "@storybook/react"
  dependency-type: direct:development
- dependency-name: "@storybook/test-runner"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/trim-and-storybook/addon-essentials-and-storybook/builder-vite-and-storybook/react-and-storybook/test-runner--removed branch from a5e90e7 to b102d2d Compare February 14, 2024 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alebusse