Dependencies: Upgrade simple-update-notifier #23396

Merged

Conversation

dartess
Contributor

@dartess dartess commented Jul 11, 2023

Closes #23544
Closes #23547

What I did

Update simple-update-notifier to update semver:

# npm audit report

semver  <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
├─┬ storybook@7.0.26
│ └─┬ @storybook/cli@7.0.26
│   └─┬ simple-update-notifier@1.1.0
│     └── semver@7.0.0

Breaking changes do not affect this repository: https://github.com/alexbrazier/simple-update-notifier/releases/tag/v2.0.0

Checklist

  • Make sure your changes are tested (stories and/or unit, integration, or end-to-end tests)
  • Make sure to add/update documentation regarding your changes
  • If you are deprecating/removing a feature, make sure to update
    MIGRATION.MD

Maintainers

  • If this PR should be tested against many or all sandboxes,
    make sure to add the ci:merged or ci:daily GH label to it.
  • Make sure this PR contains one of the labels below.

["cleanup", "BREAKING CHANGE", "feature request", "bug", "documentation", "maintenance", "dependencies", "other"]
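
As an added example (not part of this PR or of the Storybook code base), a check of a dependency tree against the semver range quoted in the audit report above, reporting the full path to each affected copy. The tree shape follows `npm ls --json`; the sample trees, the helper names and the post-upgrade semver version 7.5.2 are constructed assumptions.

```javascript
// Added example: the tree objects are constructed sample data in the shape
// `npm ls --json` emits (dependencies keyed by package name).

// Parse "MAJOR.MINOR.PATCH"; prerelease and build tags are ignored here.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Range from the audit report: <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
const VULNERABLE = [
  { min: '0.0.0', max: '5.7.1' },
  { min: '6.0.0', max: '6.3.0' },
  { min: '7.0.0', max: '7.5.1' },
];

function isVulnerable(version) {
  return VULNERABLE.some((r) => cmp(version, r.min) >= 0 && cmp(version, r.max) <= 0);
}

// Walk the tree; return the full path to every semver copy inside the range.
function findVulnerableSemver(node, name, trail = []) {
  const here = [...trail, `${name}@${node.version}`];
  const hits = name === 'semver' && isVulnerable(node.version) ? [here.join(' > ')] : [];
  for (const [dep, child] of Object.entries(node.dependencies || {})) {
    hits.push(...findVulnerableSemver(child, dep, here));
  }
  return hits;
}

// Constructed tree mirroring the path in the report; only the two versions vary.
function sampleTree(notifier, semver) {
  return { version: '7.0.26', dependencies: { '@storybook/cli': { version: '7.0.26',
    dependencies: { 'simple-update-notifier': { version: notifier,
      dependencies: { semver: { version: semver } } } } } } };
}

console.log(findVulnerableSemver(sampleTree('1.1.0', '7.0.0'), 'storybook'));
console.log(findVulnerableSemver(sampleTree('2.0.0', '7.5.2'), 'storybook')); // 7.5.2 is assumed
```

Walking the whole tree matters because a package manager can keep several copies of semver at different depths, and any one of them inside the range keeps the audit finding open.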

@socket-security

socket-security bot commented Jul 11, 2023

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages                 Version   New capabilities   Transitives   Size      Publisher
simple-update-notifier   2.0.0     None               +0            25.8 kB   aejbrazier

@serggl

serggl commented Jul 17, 2023

Hi! What's the plan for shipping this? thanks

@shilman shilman changed the title from "update simple-update-notifier" to "Dependencies: Upgrade simple-update-notifier" Jul 21, 2023
@valentinpalkovic valentinpalkovic added the patch:yes (Bugfix & documentation PR that need to be picked to main branch) and ci:normal labels Jul 24, 2023
@valentinpalkovic valentinpalkovic merged commit 7e0dabc into storybookjs:next Jul 25, 2023
1 check passed
@github-actions github-actions bot mentioned this pull request Jul 26, 2023
30 tasks
storybook-bot pushed a commit that referenced this pull request Aug 3, 2023
Dependencies: Upgrade simple-update-notifier
(cherry picked from commit 7e0dabc)
@github-actions github-actions bot mentioned this pull request Aug 3, 2023
32 tasks
@kasperpeulen kasperpeulen removed the patch:yes (Bugfix & documentation PR that need to be picked to main branch) label Aug 9, 2023
6 participants