@storybook/addon-actions versions 6.1.12 and 6.1.11 are closely related, representing incremental updates to this valuable Storybook addon for capturing and displaying UI interactions. Both versions share a core set of dependencies, including those crucial for unique ID generation (uuid), managing global context (global), utility functions (lodash), polyfilling (core-js), styling (polished), string formatting (ts-dedent), type validation (prop-types), and deep equality checks (fast-deep-equal). They, of course, both rely heavily on Storybook's internal APIs and components for seamless integration (@storybook/*). Developers upgrading from 6.1.11 to 6.1.12 will find the developer tooling dependencies such as @types/uuid, @types/lodash, and @types/webpack-env remain unchanged. The peer dependencies also specify identical version compatibility with React and React DOM, ensuring consistent support for these frameworks. The essential difference lies in the release date and potentially very minor bug fixes or internal improvements reflected in the slightly increased unpacked size of 6.1.12. For developers, this means that upgrading is likely seamless, but they should still refer to the official changelog to confirm that there are no significant breaking changes. The addon-actions library empowers developers to easily track and visualize actions triggered within their Storybook stories, facilitating better debugging and a clearer understanding of component behavior. If you are starting a new project the latest stable version should always be prefered.
All the vulnerabilities related to the version 6.1.12 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
