has transitive dependencies with a CVE vulnerability

Question

has transitive dependencies with a CVE vulnerability

Opened this issue 3 years ago · 0 comments

This package depends on @storybook/components@5.3.21 following the dependency chain this pull is vulnerable versions of highlight.js: GHSA-7wwv-vh3v-89cq & GHSA-vfrc-7r7c-w9mx. Updating to the last version of @storybook/components will fix this

Updating this wil also remove the dependency on a vulnerable version of prismjs GHSA-hqhp-5p83-hx96.

Do you accept a PR? I can always try to fix this!