@storybook/addon-actions is a vital tool for Storybook developers, providing immediate UI feedback when users interact with components. Version 6.1.19, released on February 23, 2021, builds upon the solid foundation of version 6.1.18, released just prior on February 14, 2021.
While the core functionality remains the same – enabling developers to easily track and display triggered actions within their stories—the key difference lies in the internal dependencies of the package, ensuring tight synchronisation with the ecosystem. Both versions share common dependencies like uuid, lodash, core-js, and polished, crucial for the addon's functionality. Critically, the newer versions include updates in the core @storybook/* packages, such as @storybook/api, @storybook/addons, @storybook/theming, @storybook/client-api, @storybook/components, and @storybook/core-events.
Essentially, upgrading to 6.1.19 ensures compatibility and improved stability within a Storybook environment already running on version 6.1.x. Developers can expect seamless integration with other Storybook components, fewer potential conflicts, and enhanced performance stemming from these dependency updates . The peer dependencies on React and React-DOM remain consistent across both versions, indicating no breaking changes regarding the React ecosystem. For developers already using Storybook 6.1.x, upgrading to @storybook/addon-actions 6.1.19 is a recommended approach to use the most consistent stack.
All the vulnerabilities related to the version 6.1.19 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
