Release: Patch 7.0.21 #23012

Merged
merged 32 commits into from Jun 15, 2023

@github-actions github-actions bot commented Jun 9, 2023

This is an automated pull request that bumps the version from 7.0.20 to 7.0.21.
Once this pull request is merged, it will trigger a new release of version 7.0.21.
If you're not a core maintainer with permissions to release you can ignore this pull request.

To do

Before merging the PR, there are a few QA steps to go through:

  • Add the "freeze" label to this PR, to ensure it doesn't get automatically force-pushed by new changes.

And for each change below:

  1. Ensure the change is appropriate for the version bump. E.g. patch release should only contain patches, not new or de-stabilizing features. If a change is not appropriate, revert the PR.
  2. Ensure the PR is labeled correctly with one of: "BREAKING CHANGE", "feature request", "bug", "maintenance", "dependencies", "documentation", "build", "unknown".
  3. Ensure the PR title is correct, and follows the format "[Area]: [Summary]", e.g. "React: Fix hooks in CSF3 render functions". If it is not correct, change the title in the PR.
    • Areas include: React, Vue, Core, Docs, Controls, etc.
    • First word of summary indicates the type: “Add”, “Fix”, “Upgrade”, etc.
    • The entire title should fit on a line

This is a list of all the PRs merged and commits pushed directly to next, that will be part of this release:

  • 🐛 Bug: Core: Fix builder-manager adding multiple dashes to relative path #22974
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Release: Fix release and changelog generation #23016
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: CLI: Improve steps in storybook init #22502
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Docs: Simplify migration-guide #22986
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Docs: Add ArgTypes API reference #22970
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Docs: Clarify APIs of Controls doc block/addon/argTypes #23058
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Build: Fix E2E and chromatic inconsistencies #23051
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Build: Use local registry for all packages #23066
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Angular: Fix ivy preset #23070
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Web-components: Fix custom-elements order of property application #19183
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Chore: (Docs) Removes references to outdated APIs and packages #22856
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Build: Upgrade playwright to 1.35.0 #22992
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📦 Dependencies: Dependencies: Set vue-component-type-helpers to latest #23015
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Release tooling: Fix pick patches script #23043
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Release tooling: Give the full commit hash to the github API #23046
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Angular: Fix 16.1 compatibility #23064
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Vue3: Fix source decorator to generate correct story code #22518
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🔧 Maintenance: Core: Improve of={...} DocBlock error in story index #22782
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: CLI: Skip builder selection for react native #23042
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct

🍒 Manual cherry picking needed!

The following pull requests could not be cherry-picked automatically because they resulted in merge conflicts.
For each pull request below, you need to either manually cherry pick it, or discard it by removing the "patch" label from the PR and re-generate this PR.

  • #23051: git cherry-pick -m1 -x d00fe882583e80742a620566771e106de9a7743e
  • #23066: git cherry-pick -m1 -x 3b801a6921bcd7c46db3b3a8ac67866d60337dac
  • #19183: git cherry-pick -m1 -x abfc677253bcd7ddb05c3a05ba34486dfcc974fe
  • #22856: git cherry-pick -m1 -x 1c3d36987dcc925d70a9959e496ad8ef5ec61258
  • #22992: git cherry-pick -m1 -x 10e6a6791a2e2262c5063bcbee894babcb00ba56
  • #23015: git cherry-pick -m1 -x 9630bdd1622ba0533948445c22b96164c865d965
  • #23043: git cherry-pick -m1 -x 755f25739c870e8a00b03d69ed145bb2eb0c2ce1
  • #23046: git cherry-pick -m1 -x de18fccdb6571c1a54f8177f125059cfa21bda48
  • #22782: git cherry-pick -m1 -x ec249113e0890ea0935ff8c6f56e8923c107e7eb

If you've made any changes doing the above QA (change PR titles, revert PRs), manually trigger a re-generation of this PR with this workflow and wait for it to finish. It will wipe your progress in this to do, which is expected.

When everything above is done:


Generated changelog

7.0.21

ndelangen and others added 12 commits June 9, 2023 12:56
Build: Remove `playwright` and `playwright-core`, but keep the resolutions
Build: Fix CI with conflicting playwright version
Release: Fix minor scripts and workflows
Release: Don't pick patches when prereleasing
Release: Don't reference prototype repository
Release: Fix permissions for publish script
Release: Fix not escaping content of GH Releases

socket-security bot commented Jun 9, 2023

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

| Issue | Package | Version | Note | Source |
|---|---|---|---|---|
| Network access | tunnel | 0.0.6 | | scripts/package.json via @actions/core@1.10.0 |
| Network access | @actions/http-client | 2.1.0 | | scripts/package.json via @actions/core@1.10.0 |
| Network access | @gitbeaker/node | 21.7.0 | | scripts/package.json via danger@11.2.6 |
| Network access | got | 11.8.6 | | scripts/package.json via danger@11.2.6 |
| Network access | cacheable-lookup | 5.0.4 | | scripts/package.json via danger@11.2.6 |
| New author | clone-response | 1.0.3 | | scripts/package.json via danger@11.2.6 |
| New author | responselike | 2.0.1 | | scripts/package.json via danger@11.2.6 |
| Shell access | simple-git | 3.19.0 | | scripts/package.json |

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that isn't functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore clone-response@1.0.3
  • @SocketSecurity ignore responselike@2.0.1
  • @SocketSecurity ignore simple-git@3.19.0
  • @SocketSecurity ignore tunnel@0.0.6
  • @SocketSecurity ignore @actions/http-client@2.1.0
  • @SocketSecurity ignore @gitbeaker/node@21.7.0
  • @SocketSecurity ignore got@11.8.6
  • @SocketSecurity ignore cacheable-lookup@5.0.4


socket-security bot commented Jun 9, 2023

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

| Packages | Version | New capabilities | Transitives¹ | Size | Publisher |
|---|---|---|---|---|---|
| danger | 🆕 11.2.6 | environment | +20 | 3.75 MB | orta |
| vue-component-type-helpers | 🆕 1.6.5 | None | +0 | 3.94 kB | johnsoncodehk |
| p-retry | 🆕 5.1.2 | None | +1 | 20.6 kB | sindresorhus |
| wait-on | 🆕 7.0.1 | None | +1 | 480 kB | jeffbski |
| @actions/core | 🆕 1.10.0 | network, filesystem, environment | +2 | 209 kB | thboop |
| dataloader | 🆕 2.2.2 | None | +0 | 62.2 kB | saihaj |
| jest-mock-extended | 🆕 3.0.4 | None | +1 | 144 kB | marchaos |
| simple-git | 🆕 3.19.0 | filesystem, shell | +2 | 898 kB | steveukx |
| @playwright/test | ⬆️ 1.32.3...1.35.0 | None | +1/-1 | 10 MB | aslushnikov |

🚮 Removed packages: @storybook/addon-actions@7.0.20, @storybook/addon-controls@7.0.20, @storybook/addon-docs@7.0.20, @storybook/addon-highlight@7.0.20, @storybook/addon-measure@7.0.20, @storybook/addon-outline@7.0.20, @storybook/addon-storyshots@7.0.20, @storybook/addon-toolbars@7.0.20, @storybook/addon-viewport@7.0.20, @storybook/blocks@7.0.20, @storybook/builder-vite@7.0.20, @storybook/csf-plugin@7.0.20, @storybook/html@7.0.20, @storybook/postinstall@7.0.20, @storybook/preact@7.0.20, @storybook/preset-html-webpack@7.0.20, @storybook/preset-preact-webpack@7.0.20, @storybook/preset-react-webpack@7.0.20, @storybook/preset-server-webpack@7.0.20, @storybook/preset-svelte-webpack@7.0.20, @storybook/preset-vue-webpack@7.0.20, @storybook/preset-vue3-webpack@7.0.20, @storybook/preset-web-components-webpack@7.0.20, @storybook/preview-web@7.0.20, @storybook/server@7.0.20, @storybook/source-loader@7.0.20, @storybook/svelte@7.0.20, @storybook/svelte-vite@7.0.20, @storybook/web-components@7.0.20, playwright@1.32.3

Footnotes

  1. https://docs.socket.dev

@github-actions github-actions bot changed the title Merge patches to main Bump version on main: patch from 7.0.20 to 7.0.21 Jun 13, 2023
@kasperpeulen kasperpeulen added the ci:daily Run the CI jobs that normally run in the daily job. label Jun 13, 2023
@github-actions github-actions bot force-pushed the version-patch-from-7.0.20 branch 2 times, most recently from c88dd11 to 3f37160 Compare June 13, 2023 14:44
@shilman shilman added the freeze Freeze the Release PR with this label label Jun 13, 2023
@kasperpeulen kasperpeulen removed the ci:daily Run the CI jobs that normally run in the daily job. label Jun 13, 2023
@github-actions github-actions bot force-pushed the version-patch-from-7.0.20 branch 4 times, most recently from 4bb74d8 to 5658592 Compare June 14, 2023 09:35
…for-all-packages

Build: Use local registry for all packages
@shilman shilman added freeze Freeze the Release PR with this label and removed freeze Freeze the Release PR with this label labels Jun 14, 2023
@shilman shilman added freeze Freeze the Release PR with this label ci:merged Run the CI jobs that normally run when merged. and removed ci:pr labels Jun 14, 2023
…ithub-bot

Release tooling: Trigger circle CI on pushes by github action bot
ndelangen and others added 8 commits June 14, 2023 15:23
…neration

fix: Build manager adding multiple dashes to relative path
(cherry picked from commit 7f1ffa7)
Release: Fix release and changelog generation
(cherry picked from commit b50a3b5)
…in-init

CLI: Improve steps in storybook init
(cherry picked from commit b50aa50)
Docs: Simplify `migration-guide`
(cherry picked from commit 28197ea)
Docs: Add ArgTypes API reference
(cherry picked from commit e39cc9f)
…-install-addon

Docs: Clarify APIs of Controls doc block/addon/argTypes
(cherry picked from commit 893b4a8)
…ome-more

Bug: Fix angular ivy-preset
(cherry picked from commit 0c0e0d0)
Bug: Fix for angular 16.1 compatibility
(cherry picked from commit 4f0c895)
kasperpeulen and others added 7 commits June 14, 2023 19:32
…ilder

CLI: Skip builder selection for react native
(cherry picked from commit 8b9ffc7)
Build: Fix E2E and chromatic inconsistencies
(cherry picked from commit d00fe88)
…-19167-18858-custom-elements-manifest-update

Web-components: Fix custom-elements order of property application
(cherry picked from commit abfc677)
Chore: (Docs) Removes references to outdated APIs and packages
(cherry picked from commit 1c3d369)
Build: Upgrade playwright to 1.35.0
(cherry picked from commit 10e6a67)
…-helpers-latest

Dependencies: Set vue-component-type-helpers to latest
(cherry picked from commit 9630bdd)
EdricChan03 added a commit to EdricChan03/material-storybook that referenced this pull request Jun 15, 2023
Also bumps RxJS to 7.x

See storybookjs/storybook#23057 and storybookjs/storybook#23064 for more
info

TODO: Rollback to 7.0.21 when storybookjs/storybook#23012 is merged
@kasperpeulen kasperpeulen changed the title Bump version on main: patch from 7.0.20 to 7.0.21 Release: Patch 7.0.21 Jun 15, 2023
@kasperpeulen kasperpeulen merged commit 9a57248 into latest-release Jun 15, 2023
101 of 131 checks passed
@kasperpeulen kasperpeulen deleted the version-patch-from-7.0.20 branch June 15, 2023 08:43
Labels
ci:merged Run the CI jobs that normally run when merged. freeze Freeze the Release PR with this label maintenance User-facing maintenance tasks

7 participants