@storybook/addon-viewport is a valuable tool for Storybook users aiming to create responsive components, allowing developers to simulate various screen sizes and orientations within their Storybook environment. Comparing versions 6.1.17 and 6.1.18, while the core functionality remains consistent, subtle yet important changes underpin the update. The primary distinction lies in the synchronized dependencies across the Storybook ecosystem. Version 6.1.18 upgrades its internal dependencies on other Storybook packages like @storybook/api, @storybook/addons, @storybook/theming, @storybook/components, @storybook/core-events, and @storybook/client-logger to version 6.1.18, ensuring compatibility and potentially incorporating bug fixes or minor enhancements introduced in those related packages. In contrast, version 6.1.17 relies on an earlier iteration of these dependencies. This synchronization is crucial for maintaining a stable and predictable Storybook environment. Developers should upgrade to version 6.1.18 to benefit from the latest improvements and ensure seamless integration with other core Storybook addons and components. The update doesn't introduce breaking changes visible at the API level related to the add-on itself, keeping the user experience similar, so the upgrade should be effortless. The peerDependencies remain consistent, requiring a React and ReactDOM version of ^16.8.0 or ^17.0.0.
All the vulnerabilities related to the version 6.1.18 of the package
Cross site scripting in markdown-to-jsx
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
