Vulnerability on @storybook/addon-docs related with trim


I know that it is not a bug, but I need to report a vulnerability that @storybook/addon-docs has.


The following is the related dependency tree: @storybook/addon-docs -> @mdx-js/loader -> @mdx-js/mdx -> remark-mdx -> remark-parse -> trim 0.0.1

trim 0.0.1 has a ReDoS vulnerability

Please let me know if you need more information about this. Can you fix this vuln?

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 69
  • Comments: 42 (16 by maintainers)
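To check whether a project pulls in trim 0.0.1 through the chain reported above, the lockfile can be walked from the root. The following is an added example, not part of the original issue or of Storybook's code: it assumes the npm lockfile v2/v3 `packages` layout, the function names are hypothetical, and every version in the sample except trim 0.0.1 is a placeholder.

```javascript
// Constructed lockfile fragment mirroring the chain in the issue.
// "0.0.0-example" versions and "unrelated-pkg" are placeholders, not real data.
const sampleLock = { packages: {
  "": { devDependencies: { "@storybook/addon-docs": "*", "unrelated-pkg": "*" } },
  "node_modules/@storybook/addon-docs": { version: "0.0.0-example", dependencies: { "@mdx-js/loader": "*" } },
  "node_modules/@mdx-js/loader": { version: "0.0.0-example", dependencies: { "@mdx-js/mdx": "*" } },
  "node_modules/@mdx-js/mdx": { version: "0.0.0-example", dependencies: { "remark-mdx": "*" } },
  "node_modules/remark-mdx": { version: "0.0.0-example", dependencies: { "remark-parse": "*" } },
  "node_modules/remark-parse": { version: "0.0.0-example", dependencies: { trim: "0.0.1" } },
  "node_modules/trim": { version: "0.0.1" },
  "node_modules/unrelated-pkg": { version: "0.0.0-example" },
} };

const NM = "node_modules/";
const nameOf = (key) => key.slice(key.lastIndexOf(NM) + NM.length);

// Node-style resolution: the dependent's own node_modules first, then each parent up to the root.
function resolveDep(packages, fromKey, depName) {
  for (let base = fromKey; ; ) {
    const candidate = (base ? base + "/" : "") + NM + depName;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const cut = base.lastIndexOf("/" + NM);
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Returns every dependency chain from the project root to target@version.
function findChains(lock, target, version) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (key, trail, onStack) => {
    const pkg = packages[key];
    if (key !== "" && nameOf(key) === target && pkg.version === version) {
      chains.push(trail.join(" -> "));
      return;
    }
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(key === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const next = resolveDep(packages, key, dep);
      if (!next || onStack.has(next)) continue; // uninstalled optional dep, or a cycle
      onStack.add(next);
      walk(next, [...trail, `${nameOf(next)}@${packages[next].version}`], onStack);
      onStack.delete(next);
    }
  };
  if (packages[""]) walk("", [], new Set());
  return chains;
}
console.log(findChains(sampleLock, "trim", "0.0.1"));
```

On a real lockfile, pass the parsed `package-lock.json` object instead of `sampleLock`; every path is enumerated, so a shared dependency can appear in several chains.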

Top GitHub Comments

25 reactions
j-jmnz commented, Sep 30, 2021

Any news on fixing this vulnerability?

21 reactions
shilman commented, Feb 2, 2022

Yup. On it!! @charkour
