Skip to content

[Snyk] Security upgrade chromatic from 4.0.3 to 5.0.0 #173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade chromatic from 4.0.3 to 5.0.0 #173

wants to merge 1 commit into from

Conversation

@Matthelonianxl
Copy link
Owner

@Matthelonianxl Matthelonianxl commented May 13, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/components/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: chromatic The new version differs by 112 commits.
  • 54f4176 Add Tested with Chromatic badge.
  • f89c749 v5.0.0
  • 1cdb018 5.0.0
  • c4ee47f Add environment suffix to auth message. Throw error when using --junit-report with --exit-once-uploaded.
  • 56b7708 5.0.0-beta.8
  • eaef2f6 Imply --preserve-missing when using --only and cleanup the args listing.
  • 7c122f3 5.0.0-beta.7
  • 219df6f Fix --only validation.
  • 2f125a3 Add conclusion message and improve some messages.
  • 80759fa Fix some URLs.
  • 44735a9 Cleanup.
  • 774a8af 5.0.0-beta.6
  • c2a6783 Change --only to accept a single glob rather than a special format.
  • f4c996f 5.0.0-beta.5
  • 8efec1f Fix link to docs.
  • 8a72a4c Make reporting a separate task.
  • dc22919 Rename --report to --junit-report.
  • 656cb9e Make sure to enable --no-interactive when running in CI.
  • ec9f2de Refer to Chromatic website for CLI docs.
  • b3088b8 5.0.0-beta.4
  • f527a00 Add staging script.
  • 77d7ea1 Transform story path to class path in XML export.
  • 524d603 Better error message when Storybook package can't be found.
  • 3d11851 Show correct flag in skip message.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@Matthelonianxl Matthelonianxl mentioned this pull request Jan 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Matthelonianxl @snyk-bot