@storybook/addon-actions version 6.1.0 introduces several updates compared to the previous stable version, 6.0.28, offering developers enhanced functionality and improved compatibility. A key change lies in the peer dependencies. Version 6.1.0 explicitly defines supported React versions as "^16.8.0 || ^17.0.0", providing clearer guidance for users and potentially preventing conflicts. In contrast, version 6.0.28 had a broader peer dependency specification for react-dom denoted as "*", which lacks specificity.
The dependency updates also present notable changes. The newer version upgrades @storybook/* packages (api, addons, theming, client-api, components, core-events) from 6.0.28 to 6.1.0, aligning with the core Storybook ecosystem updates. Furthermore, regenerator-runtime is updated from 0.13.3 to 0.13.7, and ts-dedent sees an upgrade from 1.1.1 to 2.0.0. These updates likely incorporate bug fixes, performance improvements, and new features from their respective libraries. While React was previously listed as a direct dependency in version 6.0.28, version 6.1.0 correctly moves it to peerDependencies, reflecting its role in the Storybook environment.
Developers using @storybook/addon-actions benefit from a streamlined action logger that simplifies how user interactions with components are displayed in Storybook. The upgrade to 6.1.0 ensures compatibility with the latest Storybook features and React versions while incorporating necessary updates from underlying dependencies.
All the vulnerabilities related to the version 6.1.0 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
