has transitive dependencies with a CVE vulnerability
Opened this issue · 0 comments
vdhpieter commented
This package depends on @storybook/components@5.3.21
following the dependency chain this pull is vulnerable versions of highlight.js
: GHSA-7wwv-vh3v-89cq & GHSA-vfrc-7r7c-w9mx. Updating to the last version of @storybook/components
will fix this
Updating this wil also remove the dependency on a vulnerable version of prismjs GHSA-hqhp-5p83-hx96.
Do you accept a PR? I can always try to fix this!