@storybook/addon-actions is a valuable tool for Storybook developers, enabling them to easily display and inspect action calls within their stories. Versions 6.1.5 and 6.1.4 both serve this purpose effectively, acting as a logger for actions triggered by component interactions. Examining the differences, the most notable distinctions lie in the version numbers of their internal Storybook dependencies. Version 6.1.5 is aligned with Storybook versions 6.1.5 across its core packages, notably @storybook/api, @storybook/addons, @storybook/theming, @storybook/client-api, @storybook/components, and @storybook/core-events. In contrast, version 6.1.4 utilizes the corresponding 6.1.4 versions of these packages.
This synchronization of versions within the Storybook ecosystem is crucial for ensuring compatibility and preventing potential conflicts. While the core functionality of the addon remains consistent, upgrading from 6.1.4 to 6.1.5 ensures that developers benefit from the latest bug fixes, performance improvements, and feature enhancements introduced within the broader Storybook framework. Developers using Storybook should prioritize using the addon version that aligns with their core Storybook installation version to maintain a stable and well-integrated development environment. Both versions boast identical dependencies like uuid, lodash, and react-inspector, along with the same peer dependencies for react and react-dom, minimizing any disruption during upgrades. The slight release date difference, a day apart, suggests a quick follow-up release to ensure everything works as expected in the ecosystem.
All the vulnerabilities related to the version 6.1.5 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
