WIP: [PSL-1380] Security vulnerabilities fixed by upgrading Storybook to v7 #18

vbartonicek · 2022-12-21T04:50:35Z

Before:

What I did:

Did automatic upgrade to Storybook 7.0.0-beta.13 by running npx storybook@next upgrade --prerelease
Rewrote custom story sort as described in https://github.com/storybookjs/storybook/blob/next/MIGRATION.md#v7-style-story-sort
Installed Webpack as dev dependency by running npm install --save-dev webpack to tackle following issue - Storybook build fails with "Cannot find module 'webpack/lib/util/makeSerializable.js" after upgrading storybook packages to 6.3.0 storybookjs/storybook#15336
Deleted node-modules & package-lock.json and ran npm install to get rid of glob-parent <5.1.2 vulnerability which couldn't be fixed by npm audit fix

Resources:
Storybook 7.0 beta - https://storybook.js.org/blog/7-0-beta/
Storybook 7 migration guide - https://chromatic-ui.notion.site/Storybook-7-migration-guide-dbf41fa347304eb2a5e9c69b34503937

linear · 2022-12-21T04:50:37Z

I just cloned the repo and running npm install reported 22 vulnerabilities.

Business Outcome:

As an Engineer I want to make sure our dependencies are up-to-date so that our repo's security&stability is increased.

Definition of done:

Additional Notes:

Some packages are deprecated and need a major update, e.g.

Screenshot

Screen Shot 2022-11-15 at 9.37.05 AM.png

vbartonicek added 3 commits December 20, 2022 20:26

Storybook - automatic upgrade to v7

0ac56d5

Storybook migration fixes

e1ab457

npm install

a85b95a

vbartonicek closed this Dec 21, 2022

vbartonicek deleted the psl-1380-update-npm-dependencies-and-fix branch December 21, 2022 05:16

Provide feedback