Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

***URGENT - Potential security vulnerabilities*** #17648

Closed
smo043 opened this issue Mar 7, 2022 · 6 comments
Closed

***URGENT - Potential security vulnerabilities*** #17648

smo043 opened this issue Mar 7, 2022 · 6 comments

Comments

@smo043
Copy link

smo043 commented Mar 7, 2022

Hello Team,

Could you please bump the below dependencies version to the latest?

  1. glob-parent:

Remediation

Upgrade glob-parent to version 5.1.2 or later. For example:

glob-parent@^5.1.2:
  version "5.1.2"

Always verify the validity and compatibility of suggestions with your codebase.

@storybook/react@6.4.19
│ ├─┬ @storybook/core@6.4.19
│ │ └─┬ @storybook/core-server@6.4.19
│ │ └─┬ cpy@8.1.2
│ │ └─┬ globby@9.2.0
│ │ └─┬ fast-glob@2.2.7
│ │ └── glob-parent@3.1.0

  1. trim:

Remediation

Upgrade trim to version 0.0.3 or later. For example:

trim@^0.0.3:
  version "0.0.3"

└─┬ @storybook/addon-essentials@6.4.19
└─┬ @storybook/addon-docs@6.4.19
└─┬ @mdx-js/mdx@1.6.22
└─┬ remark-parse@8.0.3
└── trim@0.0.1

@farideliyev
Copy link

@smo043 issue related with trim is fixed, look at #14603.
I have the same issue with glob-parent

@mxpaspa
Copy link

mxpaspa commented Mar 23, 2022

@farideliyev Any idea when the glob-parent vulnerability will be remediated? Thank you,.

@smo043
Copy link
Author

smo043 commented Mar 24, 2022

Pls release a patch version to fix the vulnerabilities. Security team is behind us.

@marcoaring
Copy link

Pls release a patch version to fix the vulnerabilities. Security team is behind us ².

@bodograumann
Copy link
Contributor

Duplicate of #15174 and #14603

@shilman
Copy link
Member

shilman commented Apr 13, 2022

closing as dupe to #15174 and #14603

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants