Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

7.0.15 patch release #22705

Merged
merged 4 commits into from
May 23, 2023
Merged

7.0.15 patch release #22705

merged 4 commits into from
May 23, 2023

Conversation

shilman
Copy link
Member

@shilman shilman commented May 23, 2023

Bug Fixes

  • UI: Fix .mp3 support for builder-manager #22699
  • Vite: Fix missing @storybook/global dependency #22700
  • NextJS: Fix compatibility with Next 13.4.3 #22697

ndelangen and others added 4 commits May 24, 2023 00:24
Next.js: add compatibility with Next 13.4.3
…r-builder

UI: Fix `.mp3` support for builder-manager
…al-dep

Vite: Fix missing @storybook/global dependency
@shilman shilman changed the title Merge pull request #22697 from storybookjs/fix/nextjs-node-polyfills 7.0.15 patch release May 23, 2023
@shilman shilman added maintenance User-facing maintenance tasks ci:merged Run the CI jobs that normally run when merged. labels May 23, 2023
@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎


🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore tty-browserify@0.0.1
  • @SocketSecurity ignore assert@2.0.0
⚠️ New author

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Package New Author Previous Author Source
tty-browserify@0.0.1 (added) goto-bus-stop substack code/frameworks/nextjs/package.json via node-polyfill-webpack-plugin@2.0.1
assert@2.0.0 (added) lukechilds goto-bus-stop code/frameworks/nextjs/package.json via node-polyfill-webpack-plugin@2.0.1
Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Shell access ✅ 0 issues
Uses eval ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
New author ⚠️ 2 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package Capability Access +/- Transitive Count Publisher
node-polyfill-webpack-plugin@2.0.1 network +7 richienb

@shilman shilman mentioned this pull request May 23, 2023
@shilman shilman merged commit db6ca60 into main May 23, 2023
@shilman shilman deleted the main-prerelease branch May 23, 2023 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci:merged Run the CI jobs that normally run when merged. maintenance User-facing maintenance tasks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants