fix: upgrade storybook version #595
Conversation
A vulnerability exists in storybook 8.5.0 that bundles the .env file in the static output during the storybook build. This vulnerability is fixed in version 8.6.15. J=VULN-40848 TEST=auto
|
Current unit coverage is 89.86632169038378% |
There was a problem hiding this comment.
Pull request overview
This PR upgrades Storybook from version 8.5.0 to 8.6.15 to address a critical security vulnerability where .env files were being bundled in the static output during Storybook builds. The vulnerability was fixed in version 8.6.15.
Key Changes:
- Upgraded all Storybook packages from 8.5.0 to 8.6.15
- Updated related dependencies in package-lock.json
- Maintained consistency across all Storybook package versions
Reviewed changes
Copilot reviewed 2 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Updated 9 Storybook packages from 8.5.0 to 8.6.15 |
| package-lock.json | Updated dependency tree including Storybook packages and transitive dependencies |
The changes look good overall. The upgrade is properly applied across all Storybook packages with consistent versioning. The package-lock.json reflects the expected dependency updates that come with the Storybook version bump.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Was causing an import error previously because lib/bundle.css did not exist.
Adds a carat before the new storybook version (^8.6.15) so we automatically get new minor & patch version updates. Storybook adheres to semver, so none of the future updates will be breaking changes.
A vulnerability exists in storybook 8.5.0 that bundles the .env file in the static output during the storybook build. This vulnerability is fixed in version 8.6.15.