Skip to content

VULN UPGRADE: major upgrades — 26 packages (major: 11 · unstable: 1 · minor: 7 · patch: 7) #20

Closed
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/npm/2-1770992863
Closed

VULN UPGRADE: major upgrades — 26 packages (major: 11 · unstable: 1 · minor: 7 · patch: 7) #20
campaigner-prod[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/npm/2-1770992863

Conversation

@campaigner-prod
Copy link
Copy Markdown

@campaigner-prod campaigner-prod Bot commented Feb 13, 2026

Summary: High-severity security update — 26 packages upgraded (MAJOR changes included)

Manifests changed:

  • . (npm)

Updates

Package From To Type Vulnerabilities Fixed
storybook 8.6.11 8.6.15 patch 2 HIGH
chalk 4.1.2 5.6.2 major -
eslint-plugin-playwright 0.15.3 2.5.1 major -
eslint-plugin-storybook 0.8.0 10.2.7 major -
eslint-plugin-svelte 2.46.1 3.14.0 major -
eslint-plugin-vitest 0.2.8 0.5.4 major -
postcss-cli 9.1.0 11.0.1 major -
postcss-import 14.1.0 16.1.1 major -
postcss-load-config 3.1.4 6.0.1 major -
stylelint-config-recommended 13.0.0 18.0.0 major -
stylelint-config-standard 34.0.0 40.0.0 major -
svelte-eslint-parser 0.43.0 1.4.1 major -
yargs 17.7.2 18.0.0 major -
@storybook/icons 1.4.0 1.6.0 minor -
eslint 8.47.0 8.57.1 minor -
react 18.2.0 18.3.1 minor -
react-dom 18.2.0 18.3.1 minor -
rimraf 4.3.1 4.4.1 minor -
stylelint 15.10.3 15.11.0 minor -
typescript 5.2.2 5.9.3 minor -
fast-glob 3.3.1 3.3.3 patch -
postcss 8.5.3 8.5.6 patch -
prettier 3.5.1 3.5.3 patch -
svelte 5.25.5 5.25.12 patch -
tslib 2.4.0 2.4.1 patch -
vitest 3.1.1 3.1.4 patch -

Packages marked with "-" are updated due to dependency constraints.

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (2 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
storybook GHSA-8452-54wp-rmv6 HIGH Storybook manager bundle may expose environment variables during build 8.6.11 7.6.21
storybook CVE-2025-68429 HIGH Storybook manager bundle may expose environment variables during build 8.6.11 -

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot closed this Mar 1, 2026
@campaigner-prod campaigner-prod Bot deleted the engraver-auto-version-upgrade/major/npm/2-1770992863 branch March 1, 2026 14:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-high-severity adms-major-update adms-mode-all-updates adms-npm campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants