Skip to content

Addon-docs: Remove mdx1-csf as optional peer dep #22038

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 12, 2023
Merged

Addon-docs: Remove mdx1-csf as optional peer dep #22038

merged 5 commits into from
Apr 12, 2023
+26 −467

Conversation

shilman
Copy link
Member

@shilman shilman commented Apr 12, 2023

Closes #21935

What I did

Remove mdx1-csf as optional peer dep. This will break strict package manager support for MDX1 (yarn pnp, pnpm) but will eliminate the security warnings for npm users, who are our largest user population by far).

How to test

In a sandbox:

  • Install @storybook/mdx1-csf as a dev dependency
  • Set features.legacyMdx1 = true in main.js
  • Run the Storybook
  • Observe that the an MDX2 expression (e.g. {1 + 1} inlined) is not evaluated

shilman added 3 commits April 12, 2023 16:56
@shilman
Externalize mdx1-csf for tsup

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
bee89b6
@shilman
Fix linting
eb3b713
@shilman
Builder-vite: Remove mdx1-csf as dev dependency also
879ac07
@shilman shilman added the patch:yes Bugfix & documentation PR that need to be picked to main branch label Apr 12, 2023
@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Shell access ✅ 0 issues
Uses eval ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
New author ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

🚮 Removed packages: @babel/core@7.12.9, @storybook/mdx1-csf@1.0.0

shilman
shilman commented Apr 12, 2023
View reviewed changes
Copy link
Member Author

@shilman shilman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Self-merging @ndelangen

@shilman shilman merged commit abeb853 into next Apr 12, 2023
@shilman shilman deleted the shilman/21935-remove-mdx1-peer-dep branch April 12, 2023 10:10
@shilman shilman mentioned this pull request Apr 12, 2023
Closed
shilman added a commit that referenced this pull request Apr 12, 2023
@shilman
Merge pull request #22038 from storybookjs/shilman/21935-remove-mdx1-…
38991b6 
…peer-dep

Addon-docs: Remove mdx1-csf as optional peer dep
@shilman shilman added the patch:done Patch/release PRs already cherry-picked to main/release branch label Apr 15, 2023
@shilman shilman mentioned this pull request May 22, 2023
Merged
@dannyhw dannyhw mentioned this pull request Feb 5, 2024
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies patch:done Patch/release PRs already cherry-picked to main/release branch patch:yes Bugfix & documentation PR that need to be picked to main branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Remove mdx1-csf as addon-docs peer dependency
1 participant
@shilman