7.0.15 patch release #22705

shilman · 2023-05-23T16:28:20Z

Bug Fixes

UI: Fix .mp3 support for builder-manager #22699
Vite: Fix missing @storybook/global dependency #22700
NextJS: Fix compatibility with Next 13.4.3 #22697

Next.js: add compatibility with Next 13.4.3

…r-builder UI: Fix `.mp3` support for builder-manager

…al-dep Vite: Fix missing @storybook/global dependency

socket-security · 2023-05-23T16:34:07Z

New dependency changes detected. Learn more about Socket for GitHub ↗︎

🚨 Potential security issues found in this pull request. To accept the risk, merge this PR and you will not be notified again.

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore tty-browserify@0.0.1
@SocketSecurity ignore assert@2.0.0

⚠️ New author

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

Package	New Author	Previous Author	Source
tty-browserify@0.0.1 (added)	goto-bus-stop	substack	`code/frameworks/nextjs/package.json` via node-polyfill-webpack-plugin@2.0.1
assert@2.0.0 (added)	lukechilds	goto-bus-stop	`code/frameworks/nextjs/package.json` via node-polyfill-webpack-plugin@2.0.1

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script confusion	✅ 0 issues
Bin script shell injection	✅ 0 issues
Shell access	✅ 0 issues
Uses eval	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
GitHub dependency	✅ 0 issues
New author	⚠️ 2 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

📊 Modified Dependency Overview:

➕ Added Package	Capability Access	`+/-` Transitive Count	Publisher
node-polyfill-webpack-plugin@2.0.1	network	`+7`	richienb

ndelangen and others added 4 commits May 24, 2023 00:24

Merge pull request #22697 from storybookjs/fix/nextjs-node-polyfills

6e2cf25

Next.js: add compatibility with Next 13.4.3

Merge pull request #22699 from storybookjs/norbert/mp3-support-manage…

b6c9824

…r-builder UI: Fix `.mp3` support for builder-manager

Merge pull request #22700 from storybookjs/norbert/add-storybook-glob…

6653d49

…al-dep Vite: Fix missing @storybook/global dependency

7.0.15 changelog

d62ed42

shilman changed the title ~~Merge pull request #22697 from storybookjs/fix/nextjs-node-polyfills~~ 7.0.15 patch release May 23, 2023

shilman added maintenance User-facing maintenance tasks ci:merged Run the CI jobs that normally run when merged. labels May 23, 2023

shilman mentioned this pull request May 23, 2023

7.0.15 patch release #22704

Closed

shilman merged commit db6ca60 into main May 23, 2023
97 of 99 checks passed

shilman deleted the main-prerelease branch May 23, 2023 16:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

7.0.15 patch release #22705

7.0.15 patch release #22705

shilman commented May 23, 2023

socket-security bot commented May 23, 2023

7.0.15 patch release #22705

7.0.15 patch release #22705

Conversation

shilman commented May 23, 2023

Bug Fixes

socket-security bot commented May 23, 2023