Storybook: Upgrade react-syntax-highlighter in order to delete security issue about prismjs

Created on 11 Aug 2020 · 5 Comments · Source: storybookjs/storybook

Describe the bug

It could be nice to upgrade react-syntax-highlighter to its last version 13.3.1 because it causes a security issue on my repository about prismjs (https://github.com/advisories/GHSA-wvhm-4hhf-97x9).

So, we need prismjs major to 1.21.0. This has been required in the last version of react-syntax-highlighter (13.3.1) that Storybook uses in @storybook/components.

Thanks a lot for your help.

dependencies security
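
To check whether an installed tree still carries a prismjs copy below the 1.21.0 requested in the issue above, the lockfile can be scanned directly. This is an added example, not code from the issue or from Storybook; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: list prismjs copies older than 1.21.0 in a parsed package-lock.json.
const MIN_PRISM = '1.21.0'; // version the issue above asks for

// Numeric compare of x.y.z versions; prerelease suffixes are ignored (simplification).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Returns [{ path, version }]; path is the install location under node_modules.
function findOldPrism(lock, min = MIN_PRISM) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [key, meta] of Object.entries(lock.packages)) {
      const chain = key.split('node_modules/').filter(Boolean).map((s) => s.replace(/\/$/, ''));
      if (chain[chain.length - 1] === 'prismjs' && meta.version && lessThan(meta.version, min)) {
        hits.push({ path: chain.join(' > '), version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, chain) => { // lockfileVersion 1: nested "dependencies" objects
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = chain.concat(name);
      if (name === 'prismjs' && meta.version && lessThan(meta.version, min)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not taken from Storybook).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    prismjs: { version: '1.21.0' },
    'react-syntax-highlighter': {
      version: '0.0.0-sample',
      dependencies: { prismjs: { version: '1.17.1' } },
    },
  },
};
console.log(findOldPrism(sampleLock));
```

An empty result means every prismjs copy recorded in the lockfile is at or above the minimum; a nested hit shows which package still pins an older copy under its own node_modules.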

All 5 comments

Fixed by #11838

Ermahgerd!! I just released https://github.com/storybookjs/storybook/releases/tag/v6.1.0-alpha.0 containing PR #11838 that references this issue. Upgrade today to try it out!

You can find this prerelease on the @next NPM tag.

Closing this issue. Please re-open if you think there's still more to do.

@shilman Thanks so much for pushing the update with this included!

Not a strongly held belief, only suggesting: are there certain classes of bugs that should be marked closed once they've been released in non-alpha/beta releases? I was tracking this issue in another repo waiting to update Storybook and at a quick glance would love to know that the bug is closed _and_ the fix is available in a production-ready release. Might be asking too much of GitHub ;)

@yoiang There will be another comment if this gets patched back to 6.0.x. My script closes issues when the fix is published, regardless of whether it's a stable or prerelease version--basically once it's easily available to use.

@shilman Oh, that's perfect, thanks for letting me know! Are these your own scripts or are they publicly available? That sounds super handy.
