Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update for SB8 #63

Merged
merged 8 commits into from
Feb 16, 2024
Merged

Update for SB8 #63

merged 8 commits into from
Feb 16, 2024

Conversation

JReinhold
Copy link
Collaborator

@JReinhold JReinhold commented Feb 14, 2024

This PR does a lot of maintenance tasks to the template:

  1. Upgrade Node target to 18
  2. Add a nodeEntries bundle entry for bundling presets and other Node-only entries.
  3. Add types exports to preview entries as they might be imported in Portable Stories scenarios.
  4. Upgrade all devDependencies, crucially Storybook and React 18
  5. Convert package to ESM (type = module)

Copy link

socket-security bot commented Feb 14, 2024

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +339 263 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem +51 13.9 MB shilman
npm/@storybook/[email protected] environment, eval +7 1.09 MB shilman
npm/@storybook/[email protected] eval Transitive: environment, filesystem, network, shell, unsafe +276 254 MB shilman
npm/@storybook/[email protected] environment Transitive: eval, filesystem +54 18.2 MB shilman
npm/@storybook/[email protected] None +1 111 kB shilman
npm/@storybook/[email protected] environment, network Transitive: eval, filesystem +48 14 MB shilman
npm/@storybook/[email protected] None 0 2.28 MB shilman
npm/@storybook/[email protected] network Transitive: environment, eval, filesystem +40 8.18 MB shilman
npm/@storybook/[email protected] eval, network 0 334 kB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +406 336 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +273 276 MB shilman
npm/@storybook/[email protected] environment +10 5.76 MB shilman
npm/@storybook/[email protected] Transitive: environment, eval, filesystem +34 6.19 MB shilman
npm/@types/[email protected] None +4 1.65 MB types
npm/@types/[email protected] None +3 1.62 MB types
npm/@vitejs/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +84 65 MB vitebot
npm/[email protected] environment, filesystem, unsafe 0 8.39 MB prettier-bot
npm/[email protected] environment +4 4.93 MB gnoff
npm/[email protected] environment +2 337 kB gnoff
npm/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +612 285 MB shilman
npm/[email protected] environment, eval, filesystem Transitive: network, shell, unsafe +146 302 MB egoist
npm/[email protected] None 0 32 MB typescript-bot
npm/[email protected] environment, eval, filesystem, network, shell, unsafe +22 54 MB vitebot

🚮 Removed packages: npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@vitejs/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Copy link

socket-security bot commented Feb 14, 2024

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@storybook/[email protected], npm/@storybook/[email protected], npm/@storybook/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@JReinhold JReinhold marked this pull request as ready for review February 14, 2024 22:33
@JReinhold JReinhold requested a review from ndelangen February 14, 2024 22:33
@ndelangen
Copy link
Member

ndelangen commented Feb 15, 2024

@JReinhold Convert package to type=module seems like a possibly disruptive change, and I'd question if SB8 presets loading would support that fully.

It could very well work.. But before proceeding to merge this, please try it out in detail.

If you create a dummy addon that uses a preset, does storybook correctly load it?

@JReinhold
Copy link
Collaborator Author

Tested this out extensively with @ndelangen and we concluded that everything works and we can even clean up a bunch of files because of it.

@ndelangen
Copy link
Member

@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/[email protected]
@SocketSecurity ignore npm/@storybook/[email protected]
@SocketSecurity ignore npm/@storybook/[email protected]
@SocketSecurity ignore npm/@storybook/[email protected]

scripts/welcome.js Outdated Show resolved Hide resolved
scripts/welcome.js Outdated Show resolved Hide resolved
scripts/welcome.js Outdated Show resolved Hide resolved
scripts/welcome.js Outdated Show resolved Hide resolved
@ndelangen ndelangen added the enhancement New feature or request label Feb 16, 2024
@JReinhold JReinhold merged commit cf0875f into main Feb 16, 2024
2 of 3 checks passed
@JReinhold JReinhold deleted the improve-bundling branch February 16, 2024 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants