@storybook/addon-actions is a valuable tool for Storybook users, enabling interactive story development and debugging. The addon logs actions performed within a story, providing developers with clear feedback on user interactions, component behavior, and data flow. This simplifies the process of verifying that components are reacting correctly to user inputs, making it easier to build robust and reliable UIs.
Version 6.1.1 is a minor update compared to version 6.1.0, both maintaining the same core functionality of logging actions in Storybook. While the file count and unpacked size of the packages remain identical, the key distinction lies within the dependencies. Version 6.1.1 updates its internal dependencies to align better with the broader Storybook ecosystem. Specifically, dependencies such as @storybook/api, @storybook/addons, @storybook/theming, @storybook/client-api, @storybook/components and @storybook/core-events increment from version 6.1.0 to 6.1.1. This ensures compatibility and seamless integration within a Storybook environment also at version 6.1.1.
For most developers, upgrading should be straightforward. The update primarily addresses internal consistency and compatibility within the Storybook ecosystem, thereby ensuring longer-term stability and fewer potential conflicts with other addons or core Storybook features. While the core API and usage remain consistent, adopting version 6.1.1 helps in maintaining an up-to-date and well-integrated Storybook development workflow.
All the vulnerabilities related to the version 6.1.1 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
