@storybook/addon-actions version 6.1.10 is a minor update from 6.1.9, both serving as crucial tools for Storybook users to log and display action events within their stories. These addons enable developers to easily verify that UI components are triggering the correct actions when interacted with. Key features include clear action logging with formatted output, aiding in debugging and ensuring components behave as expected. Both versions support a wide range of dependencies vital for Storybook's functionality, such as @storybook/api, @storybook/addons, and @storybook/components, all essential for seamless integration within the Storybook ecosystem. Developers employing React will find the peer dependencies on React and React DOM accommodating versions 16.8.0 and 17.0.0.
The main difference between the two resides primarily in the updated versions for internal Storybook packages. Version 6.1.10 upgrades these packages to their corresponding 6.1.10 releases, while 6.1.9 relies on the 6.1.9 versions. Although the changes may be incremental, updating to the latest version ensures access to the most recent bug fixes, performance improvements, and potentially new features within the broader Storybook environment. The unpackedSize shows a negligible increase between the two versions indicating no major changes but a possible update in the build process, or minimal code adjustments. The releaseDate is also interesting, with version 6.1.10 being released approximately 5 days after 6.1.9, implying a quick follow-up release addressing potential issues or including small enhancements discovered soon after the initial release.
All the vulnerabilities related to the version 6.1.10 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
