Description
We have identified high-severity vulnerabilities in projects using Storybook version "^7.5.0" alongside TypeScript version 5. The issue arises when integrating the latest TypeScript with Storybook, potentially affecting the security and stability of the development environment. These vulnerabilities could compromise the application's security or affect its functionality, posing a significant risk to projects using this configuration.
To Reproduce
Initialize a new project with Storybook "^7.5.0" and TypeScript "^5.0.0".
Configure TypeScript according to the recommended setup for use with Storybook.
Run a security audit using npm audit or another vulnerability scanning tool.
Observe the reported vulnerabilities directly related to the Storybook and TypeScript integration.
Expected Behavior:
Using Storybook with TypeScript should not introduce high-severity vulnerabilities into the project. The integration should be secure and stable, allowing developers to leverage both tools' features without compromising security.
Actual Behavior:
The security audit reveals high-severity vulnerabilities when Storybook "^7.5.0" is used in conjunction with TypeScript v5. These vulnerabilities could lead to potential security risks for the project.
System
Storybook Environment Info:
System:
OS: Linux 5.15 Ubuntu 20.04.6 LTS (Focal Fossa)
CPU: (12) x64 12th Gen Intel(R) Core(TM) i7-1255U
Shell: 5.0.17 - /bin/bash
Binaries:
Node: 20.10.0 - ~/.nvm/versions/node/v20.10.0/bin/node
Yarn: 1.22.19 - /usr/bin/yarn
npm: 10.2.3 - ~/.nvm/versions/node/v20.10.0/bin/npm <----- active
Browsers:
Chrome: 121.0.6167.160
npmPackages:
@storybook/addon-a11y: ^7.5.0 => 7.6.13
@storybook/addon-actions: ^7.5.0 => 7.6.13
@storybook/addon-backgrounds: ^7.5.0 => 7.6.13
@storybook/addon-controls: ^7.5.0 => 7.6.13
@storybook/addon-coverage: ^0.0.9 => 0.0.9
@storybook/addon-designs: ^7.0.7 => 7.0.9
@storybook/addon-docs: ^7.5.0 => 7.6.13
@storybook/addon-interactions: ^7.5.1 => 7.6.13
@storybook/addon-links: ^7.5.0 => 7.6.13
@storybook/addon-measure: ^7.5.0 => 7.6.13
@storybook/addon-outline: 7.5.0 => 7.5.0
@storybook/addon-storyshots: ^7.5.0 => 7.6.13
@storybook/addon-storysource: ^7.5.0 => 7.6.13
@storybook/addon-themes: ^7.5.3 => 7.6.13
@storybook/addon-viewport: ^7.5.0 => 7.6.13
@storybook/jest: ^0.2.3 => 0.2.3
@storybook/preview-api: ^7.5.0 => 7.6.13
@storybook/react-webpack5: ^7.5.1 => 7.6.13
@storybook/test-runner: ^0.16.0 => 0.16.0
@storybook/testing-library: ^0.2.2 => 0.2.2
storybook: ^7.5.0 => 7.6.13
Additional context
my packages list
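
To check whether a high-severity finding from the `npm audit` step really enters the project through a Storybook package, the audit's JSON output can be traced back to the direct dependencies that pull each advisory in. The sketch below is an added example, not part of the original issue or of Storybook; the report object is constructed in the shape of `npm audit --json` (auditReportVersion 2), and the `example-*` packages, advisory titles and the helper names `directRoots` and `triageHigh` are assumptions.

```javascript
// Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
// Package names and advisories are placeholders, not real findings.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "high", isDirect: false, effects: ["example-loader"],
      via: [{ source: 1, name: "example-parser", title: "Constructed advisory", severity: "high" }],
    },
    "example-loader": {
      name: "example-loader", severity: "high", isDirect: false,
      via: ["example-parser"], effects: ["@storybook/react-webpack5"],
    },
    "@storybook/react-webpack5": {
      name: "@storybook/react-webpack5", severity: "high", isDirect: true,
      via: ["example-loader"], effects: [],
    },
    "example-cli": {
      name: "example-cli", severity: "moderate", isDirect: true, effects: [],
      via: [{ source: 2, name: "example-cli", title: "Constructed advisory 2", severity: "moderate" }],
    },
  },
};

// Follow `effects` upward from a vulnerable package to the direct dependencies
// (isDirect: true) that pull it into the project. `seen` guards against cycles.
function directRoots(report, name, seen = new Set()) {
  if (seen.has(name)) return [];
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  const roots = entry.isDirect ? [name] : [];
  for (const parent of entry.effects || []) roots.push(...directRoots(report, parent, seen));
  return roots;
}

// List each high/critical advisory with the direct dependencies that introduce it.
function triageHigh(report) {
  const findings = [];
  for (const entry of Object.values(report.vulnerabilities)) {
    for (const via of entry.via) {
      // String entries in `via` only point at another package; objects are advisories.
      if (typeof via === "string" || !["high", "critical"].includes(via.severity)) continue;
      const roots = [...new Set(directRoots(report, entry.name))].sort();
      const viaStorybook = roots.some((r) => r === "storybook" || r.startsWith("@storybook/"));
      findings.push({ package: entry.name, title: via.title, roots, viaStorybook });
    }
  }
  return findings;
}
```

On a real project, pass the parsed output of `npm audit --json` to `triageHigh` in place of `sampleReport`.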
