-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump trim, @storybook/addon-essentials, @storybook/builder-vite, @storybook/react and @storybook/test-runner #293
base: master
Are you sure you want to change the base?
Conversation
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
f94987c
to
40f670a
Compare
@dependabot recreate |
40f670a
to
a5e90e7
Compare
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected] |
@dependabot rebase |
…er-vite, @storybook/react and @storybook/test-runner Removes [trim](https://github.com/Trott/trim). It's no longer used after updating ancestor dependencies [trim](https://github.com/Trott/trim), [@storybook/addon-essentials](https://github.com/storybookjs/storybook/tree/HEAD/addons/essentials), [@storybook/builder-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/lib/builder-vite), [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/renderers/react) and [@storybook/test-runner](https://github.com/storybookjs/test-runner). These dependencies need to be updated together. Removes `trim` Updates `@storybook/addon-essentials` from 6.5.14 to 7.0.4 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Commits](https://github.com/storybookjs/storybook/commits/v7.0.4/addons/essentials) Updates `@storybook/builder-vite` from 0.2.5 to 7.0.4 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.v1-5.md) - [Commits](https://github.com/storybookjs/storybook/commits/v7.0.4/code/lib/builder-vite) Updates `@storybook/react` from 6.5.14 to 7.0.4 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Commits](https://github.com/storybookjs/storybook/commits/v7.0.4/renderers/react) Updates `@storybook/test-runner` from 0.9.1 to 0.10.0 - [Release notes](https://github.com/storybookjs/test-runner/releases) - [Changelog](https://github.com/storybookjs/test-runner/blob/future/CHANGELOG.md) - [Commits](storybookjs/test-runner@v0.9.1...v0.10.0) --- updated-dependencies: - dependency-name: trim dependency-type: indirect - dependency-name: "@storybook/addon-essentials" dependency-type: direct:development - dependency-name: "@storybook/builder-vite" dependency-type: direct:development - dependency-name: "@storybook/react" dependency-type: direct:development - dependency-name: "@storybook/test-runner" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
a5e90e7
to
b102d2d
Compare
Removes trim. It's no longer used after updating ancestor dependencies trim, @storybook/addon-essentials, @storybook/builder-vite, @storybook/react and @storybook/test-runner. These dependencies need to be updated together.
Removes
trim
Updates
@storybook/addon-essentials
from 6.5.14 to 7.0.4Release notes
Sourced from
@storybook/addon-essentials
's releases.... (truncated)
Commits
c2bbe43
stage0ba3aa9e
Update git head to 7.0.0-alpha.13, update yarn.lock9ac4d2e
v7.0.0-alpha.1392eb893
Update git head to 7.0.0-alpha.12, update yarn.lock5070eff
v7.0.0-alpha.120bcc17b
Update git head to 7.0.0-alpha.11, update yarn.lock688d338
v7.0.0-alpha.11a5c35e1
improvements to setup17801df
Update git head to 7.0.0-alpha.10, update yarn.lockb13dd8f
v7.0.0-alpha.10Updates
@storybook/builder-vite
from 0.2.5 to 7.0.4Release notes
Sourced from
@storybook/builder-vite
's releases.... (truncated)
Changelog
Sourced from
@storybook/builder-vite
's changelog.... (truncated)
Commits
Updates
@storybook/react
from 6.5.14 to 7.0.4Release notes
Sourced from
@storybook/react
's releases.... (truncated)
Commits
c2bbe43
stage0057c401
Merge branch 'future/base' into future/drop-emotion-10-typese21f96e
MoveDocsRenderer
back toaddon-docs
ba3aa9e
Update git head to 7.0.0-alpha.13, update yarn.lock9ac4d2e
v7.0.0-alpha.1392eb893
Update git head to 7.0.0-alpha.12, update yarn.lock5070eff
v7.0.0-alpha.120bcc17b
Update git head to 7.0.0-alpha.11, update yarn.lock688d338
v7.0.0-alpha.11590cc50
cleanupUpdates
@storybook/test-runner
from 0.9.1 to 0.10.0Release notes
Sourced from
@storybook/test-runner
's releases.... (truncated)
Changelog
Sourced from
@storybook/test-runner
's changelog.... (truncated)
Commits
638623f
Bump version to: 0.10.0 [skip ci]5d81f7a
Update CHANGELOG.md [skip ci]05edda6
Merge pull request #289 from storybookjs/nexte4fe17b
fix version in support table [skip ci]15afffc
add version support table666d70c
Merge branch 'main' into next [skip ci]141978d
Merge pull request #288 from storybookjs/kasper/update-csf1b073f4
Bump@storybook/csf
to 0.1.0519c438
Merge pull request #283 from storybookjs/feat/prepare-for-sb72ff4518
support Storybook 7.0.0You can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.