support Storybook 7.0.0 #283

yannbf · 2023-03-30T10:38:57Z

Preparing for the release of Storybook 7!

📦 Published PR as canary version: 0.9.5--canary.283.2ff4518.0

✨ Test out this PR locally via:

npm install @storybook/[email protected]
# or 
yarn add @storybook/[email protected]

Version

Published prerelease version: v0.10.0-next.12

Changelog

🚀 Enhancement

New prerelease structure / upgrade to SB7 #210 (@shilman)

🐛 Bug Fix

support Storybook 7.0.0 #283 (@yannbf)
Update getStorybookMain to throw an error if stories are not found in main.js #278 (@valentinpalkovic)
Extend hooks api with prepare and getHttpHeaders properties #245 (@yannbf)
Use preview api instead of store #273 (@kasperpeulen)
Support other test-runner config extensions #259 (@yannbf)
Use ipv4 loopback address #252 (@IanVS)
Fix safe json stringify code #239 (@hansottowirtz)
feat: add shard cli option #243 (@Niznikr @yannbf)
Updating deps to handle TS 4.9 #237 (@kasperpeulen)
Fix target url in error feedback #233 (@yannbf)
Remove unused development packages #227 (@yannbf)
Make setup-page globally available for index.json mode compatibility #217 (@yannbf)
Upgrade CSF to next #212 (@shilman)
Fix missing dependencies #209 (@bryanjtc)

📝 Documentation

Document index.json mode for Svelte CSF #263 (@JReinhold)
Docs: add recipe for browser name #221 (@yannbf)

Authors: 9

Bryan Thomas (@bryanjtc)
Hans Otto Wirtz (@hansottowirtz)
Ian VanSchooten (@IanVS)
Jeppe Reinhold (@JReinhold)
Kasper Peulen (@kasperpeulen)
Michael Shilman (@shilman)
Robert Niznik (@Niznikr)
Valentin Palkovic (@valentinpalkovic)
Yann Braga (@yannbf)

socket-security · 2023-03-30T10:41:19Z

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore @storybook/[email protected]
@SocketSecurity ignore @storybook/[email protected]
@SocketSecurity ignore @storybook/[email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]
@SocketSecurity ignore [email protected]

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
[email protected] (added)	`postinstall`	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]

⚠️ Shell access

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Package	Module	Location	Source
[email protected] (added)	child_process	install.js	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	child_process	lib/main.js	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	child_process	index.js	`package.json` via @auto-it/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	index.js	`package.json` via @storybook/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	lib/utils.js	`package.json` via [email protected]
[email protected] (added)	child_process	dist/gitlog.cjs.development.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	child_process	dist/gitlog.cjs.production.min.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	child_process	dist/gitlog.esm.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	child_process	lib/index.js	`package.json`
[email protected] (added)	child_process	jake-v10.8.5/jakefile.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/lib/package_task.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/lib/publish_task.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/lib/utils/index.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/concurrent.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/file_task.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/file.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/helpers.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/jakelib/rule.jake.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/publish_task.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/rule.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/selfdep.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/task_base.js	`package.json` via [email protected]
[email protected] (added)	child_process	jake-v10.8.5/test/integration/task_base.js	`package.json` via [email protected]
[email protected] (added)	child_process	build/crawlers/node.js	`package.json` via [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	build/lib/isWatchmanInstalled.js	`package.json` via [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	build/crawlers/node.js	`package.json` via @storybook/[email protected]
[email protected] (added)	child_process	build/lib/isWatchmanInstalled.js	`package.json` via @storybook/[email protected]
[email protected] (added)	child_process	src/diff-snapshot.js	`package.json`
[email protected] (added)	child_process	lib/index.js	`package.json` via [email protected]
[email protected] (added)	child_process	build/workers/ChildProcessWorker.js	`package.json` via @storybook/[email protected], [email protected]
[email protected] (added)	child_process	build/workers/ChildProcessWorker.js	`package.json` via @storybook/[email protected]
[email protected] (added)	child_process	dist/Runner.js	`package.json` via [email protected]
[email protected] (added)	child_process	src/Runner.js	`package.json` via [email protected]
[email protected] (added)	child_process	index.js	`package.json` via [email protected]
[email protected] (added)	child_process	index.js	`package.json` via [email protected]
[email protected] (added)	child_process	index.js	`package.json` via [email protected]
[email protected] (added)	child_process	lib/bin.js	`package.json` via [email protected]
[email protected] (added)	child_process	lib/cli/cli.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/common/userAgent.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/grid/gridAgent.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/grid/simpleGridFactory.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/outofprocess.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/server/registry/browserFetcher.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/server/registry/dependencies.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/utils/processLauncher.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/utilsBundleImpl.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	lib/Launcher.js	`package.json` via [email protected]
[email protected] (added)	child_process	lib/resolvers.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	child_process	src/exec-child.js	`package.json` via [email protected]
[email protected] (added)	child_process	src/exec.js	`package.json` via [email protected]
[email protected] (added)	child_process	lib/index.js	`package.json` via [email protected]
[email protected] (added)	child_process	index.js	`package.json` via [email protected], [email protected]
[email protected] (added)	child_process	dist/child/spawn-child.js	`package.json` via @auto-it/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	lib/tsserver.js	`package.json` via @auto-it/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	lib/tsserver.js	`package.json` via @auto-it/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	check-npm-version.js	`package.json` via @babel/[email protected], @babel/[email protected], @babel/[email protected], @babel/[email protected], @babel/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	index.js	`package.json` via @babel/[email protected], @babel/[email protected], @babel/[email protected], @babel/[email protected], @babel/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
[email protected] (added)	child_process	bin/webpack.js	`package.json` via @storybook/[email protected], [email protected]

⚠️ Uses eval

Package uses eval() which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Avoid packages that use eval, since this could potentially execute any code.

Package	Eval Type	Location	Source
@storybook/[email protected] (upgraded)	eval	dist/index.js	`package.json` via @storybook/[email protected], [email protected]
@storybook/[email protected] (upgraded)	eval	dist/index.js	`package.json` via @storybook/[email protected], [email protected]
@storybook/[email protected] (upgraded)	eval	dist/index.js	`package.json` via @storybook/[email protected], [email protected]
@storybook/[email protected] (added)	eval	dist/chunk-SIT35WFN.mjs	`package.json` via [email protected]
@storybook/[email protected] (added)	eval	dist/chunk-SIT35WFN.mjs	`package.json` via [email protected]
@storybook/[email protected] (added)	eval	dist/chunk-SIT35WFN.mjs	`package.json` via [email protected]
@storybook/[email protected] (added)	eval	dist/chunk-SIT35WFN.mjs	`package.json` via [email protected]
@storybook/[email protected] (added)	eval	dist/OverlayScrollbars-VAV6LJAB-ZCK6WCDR.mjs	`package.json` via [email protected]
@storybook/[email protected] (added)	eval	dist/runtime.js	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.js	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.js	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.js	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.mjs	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.mjs	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.mjs	`package.json` via @storybook/[email protected]
@storybook/[email protected] (added)	eval	dist/runtime.mjs	`package.json` via @storybook/[email protected]
[email protected] (added)	eval	dist/docs/assets/js/main.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	eval	dist/docs/assets/js/main.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	eval	lib/RedisConnection.js	`package.json` via @auto-it/[email protected], [email protected], [email protected]
[email protected] (added)	eval	index.js	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	eval	lib/loadLoader.js	`package.json` via @storybook/[email protected], [email protected]
[email protected] (added)	eval	dist/index.js	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	eval	dist/index.js	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	eval	dist/index.js	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	eval	dist/index.mjs	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	eval	dist/index.mjs	`package.json` via @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], @storybook/[email protected], [email protected]
[email protected] (added)	eval	dist/index.mjs	`package.json` via @storybook/[email protected], @storybook/[email protected], [@storybook/[email protected]](https://

codecov · 2023-03-30T13:06:56Z

Codecov Report

Patch and project coverage have no change.

Comparison is base (6427b31) 75.95% compared to head (2ff4518) 75.95%.

Additional details and impacted files

@@           Coverage Diff           @@
##             next     #283   +/-   ##
=======================================
  Coverage   75.95%   75.95%           
=======================================
  Files          11       11           
  Lines         183      183           
  Branches       39       39           
=======================================
  Hits          139      139           
  Misses         44       44

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

github-actions · 2023-04-03T11:53:33Z

🚀 PR was released in v0.10.0 🚀

yannbf added the patch Increment the patch version when merged label Mar 30, 2023

yannbf force-pushed the feat/prepare-for-sb7 branch 2 times, most recently from 9a6f270 to 4979bd5 Compare March 30, 2023 13:00

support Storybook 7.0.0

2ff4518

yannbf force-pushed the feat/prepare-for-sb7 branch from 4979bd5 to 2ff4518 Compare March 31, 2023 14:05

yannbf merged commit 519c438 into next Mar 31, 2023

yannbf deleted the feat/prepare-for-sb7 branch March 31, 2023 14:16

github-actions bot added the prerelease label Mar 31, 2023

github-actions bot mentioned this pull request Apr 3, 2023

Support Storybook 7.0.0 #289

Merged

github-actions bot added released and removed prerelease labels Apr 3, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

support Storybook 7.0.0 #283

support Storybook 7.0.0 #283

yannbf commented Mar 30, 2023 •

edited by github-actions bot

Loading

socket-security bot commented Mar 30, 2023 •

edited

Loading

codecov bot commented Mar 30, 2023 •

edited

Loading

github-actions bot commented Apr 3, 2023

support Storybook 7.0.0 #283

support Storybook 7.0.0 #283

Conversation

yannbf commented Mar 30, 2023 • edited by github-actions bot Loading

Version

🚀 Enhancement

🐛 Bug Fix

📝 Documentation

Authors: 9

socket-security bot commented Mar 30, 2023 • edited Loading

codecov bot commented Mar 30, 2023 • edited Loading

Codecov Report

github-actions bot commented Apr 3, 2023

yannbf commented Mar 30, 2023 •

edited by github-actions bot

Loading

socket-security bot commented Mar 30, 2023 •

edited

Loading

codecov bot commented Mar 30, 2023 •

edited

Loading