@storybook/addon-actions is a valuable tool for Storybook developers, enabling them to log and display actions triggered within their components. Versions 6.1.6 and 6.1.5 offer similar functionalities, both serving as Action Logger addons. Examining the core dependencies reveals largely consistent requirements, encompassing crucial utilities such as uuid, lodash, core-js, and styling tools like polished and ts-dedent. Both versions rely on essential Storybook packages like @storybook/api, @storybook/addons, @storybook/theming, @storybook/client-api, @storybook/components, and @storybook/core-events for seamless integration. Development dependencies for both versions maintain a similar type definition setup with @types/uuid, @types/lodash, and @types/webpack-env to enable type checking. Critically, peer dependencies specify compatibility with React versions 16.8.0 and 17.0.0 , ensuring proper functioning within common React projects. The significant difference lies in the internal Storybook package version dependencies which are updated from 6.1.5. to 6.1.6. Though the file count and unpacked size remain identical, indicating similar code volume, the @storybook/api and @storybook/addons (among other dependencies) version bump from '6.1.5' to '6.1.6' in version 6.1.6 marks the primary change, warranting consideration for developers seeking the latest Storybook ecosystem enhancements and bug fixes. Both versions of the package provide functionality for logging actions but version 6.1.6 ensures compatibility with the latest Storybook core.
All the vulnerabilities related to the version 6.1.6 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
