Skip to content

Commit b4894c0

Browse files
authored
fix: address npm security vulnerabilities (#154)
- CVE-2025-68429: Upgrade storybook to 8.6.15 (env var exposure in builds) - CVE-2026-22036: Override undici to >=6.23.0 (DoS via decompression)
1 parent 96c3daa commit b4894c0

2 files changed

Lines changed: 203 additions & 209 deletions

File tree

package.json

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -79,15 +79,15 @@
7979
"@jsonforms/core": "^3.4.0",
8080
"@jsonforms/react": "^3.4.0",
8181
"@semantic-release/npm": "13.1.3",
82-
"@storybook/addon-essentials": "^8.6.12",
83-
"@storybook/addon-interactions": "^8.6.12",
84-
"@storybook/addon-links": "^8.6.12",
85-
"@storybook/addon-mdx-gfm": "^8.6.12",
86-
"@storybook/addon-onboarding": "^8.6.12",
87-
"@storybook/blocks": "^8.6.12",
88-
"@storybook/react": "^8.6.12",
89-
"@storybook/react-vite": "^8.6.12",
90-
"@storybook/test": "^8.6.12",
82+
"@storybook/addon-essentials": "^8.6.15",
83+
"@storybook/addon-interactions": "^8.6.15",
84+
"@storybook/addon-links": "^8.6.15",
85+
"@storybook/addon-mdx-gfm": "^8.6.15",
86+
"@storybook/addon-onboarding": "^8.6.15",
87+
"@storybook/blocks": "^8.6.15",
88+
"@storybook/react": "^8.6.15",
89+
"@storybook/react-vite": "^8.6.15",
90+
"@storybook/test": "^8.6.15",
9191
"@testing-library/jest-dom": "^6.5.0",
9292
"@testing-library/react": "^14.3.1",
9393
"@testing-library/user-event": "^14.5.2",
@@ -115,15 +115,16 @@
115115
"react": "^18.3.1",
116116
"react-dom": "^18.3.1",
117117
"semantic-release": "^23.1.1",
118-
"storybook": "^8.6.12",
118+
"storybook": "^8.6.15",
119119
"typescript": "^5.6.2",
120120
"vite": "^6.4.1",
121121
"vitest": "^4.0.15"
122122
},
123123
"pnpm": {
124124
"overrides": {
125125
"form-data": ">=4.0.4",
126-
"@semantic-release/npm": "13.1.3"
126+
"@semantic-release/npm": "13.1.3",
127+
"undici": "^6.23.0"
127128
}
128129
},
129130
"dependencies": {

0 commit comments

Comments
 (0)