[Snyk] Security upgrade @storybook/react from 5.3.18 to 6.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/react

The new version differs by 250 commits.

• b97e2ee v6.0.0
• de37d6f Update root, peer deps to 6.0.0
• ba55375 6.0.0 changelog
• 30d685c Merge pull request #11877 from storybookjs/chore_add_api_section_snippets
• e9ec609 Merge pull request #11882 from storybookjs/add_faq_to_docs
• 7096da8 Merge pull request #11872 from storybookjs/chore_add_workflow_snippets
• c55b61d Merge pull request #11881 from storybookjs/add-readmes-for-deprecated-content
• f899683 adds faq to the documentation
• ab88075 Add deprecated docs to monorepo
• fe3b3e0 Merge branch 'next' into chore_add_api_section_snippets
• 6eee72c Merge branch 'next' into chore_add_workflow_snippets
• d8180f0 component-story-with-query was adjusted.
• 7a34522 Merge pull request #11867 from storybookjs/add-install-snippet
• 1a8351e Merge pull request #11878 from storybookjs/documentation_snippets_updates
• e680f98 Merge pull request #11876 from storybookjs/docs/preview-entries
• 313a8b7 TS => js
• d063351 Merge pull request #11880 from storybookjs/6.0-docs-tweaks
• fbdf836 fix broken markdown
• 5bddd6f updates per feedback
• 2581f63 api section feedback changes
• 9daa2b7 Merge pull request #11879 from storybookjs/remove-angular-dummy-snippet
• 483a8cf Remove angular dummy snippet
• 714076b removes the shell and json file references.
• 99aa694 initial snippets for api section

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
0b79b9a0-db0c-11ec-8ffb-2f709661ce84

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[guardrails]

⚠️ We detected 6 security issues in this pull request:

Mode: paranoid | Total findings: 6 | Considered vulnerability: 6

Vulnerable Libraries (6)

Severity	Details
Medium	browserslist@4.5.4 (t) - no patch available
High	path-parse@1.0.6 (t) - no patch available
High	yargs-parser@11.1.1 (t) - no patch available
High	y18n@3.2.1 (t) - no patch available
Medium	@storybook/react@6.0.0 upgrade to: >=6.5.4
High	ansi-regex@4.1.0 (t) upgrade to: 3.0.0 || >4.1.0 || 5.0.0

More info on how to fix Vulnerable Libraries in General and JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.