michael-s-molina opened a new pull request, #37672: URL: https://github.com/apache/superset/pull/37672
## Summary

This PR addresses a security vulnerability in Storybook and fixes a React peer dependency conflict.

### Security Fix

- **CVE: Storybook Environment Variable Exposure** - Upgraded all Storybook packages from 8.6.14 to 8.6.15 to fix a vulnerability where environment variables from `.env` files could be unexpectedly bundled into Storybook build artifacts, potentially exposing secrets when published to the web.

### Dependency Fix

- **React 17 Compatibility** - Downgraded `react-error-boundary` from ^6.1.0 to ^4.1.2 in `@superset-ui/core` to resolve peer dependency conflicts with React 17.
- **Missing Peer Dependency** - Added `storybook` as a devDependency in `@superset-ui/demo` to satisfy peer dependency requirements of `@storybook/[email protected]`.

## Changes

| Package | Before | After |
|---------|--------|-------|
| `@storybook/*` | 8.6.14 | 8.6.15 |
| `react-error-boundary` | ^6.1.0 | ^4.1.2 |

## Testing Instructions

1. Run `npm install` to install dependencies
2. Run `npm run storybook` to verify Storybook starts correctly
3. Run `npm run build-storybook` to verify build works
4. Run `npm test` to verify tests pass

### ADDITIONAL INFORMATION

- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
  - [ ] Migration is atomic, supports rollback & is backwards-compatible
  - [ ] Confirm DB migration upgrade and downgrade tested
  - [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
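A check that could accompany the upgrade described in the pull request above, as an added example that is not part of the pull request or the Superset code base: it parses `.env` text and reports which variable values appear verbatim in built bundle text. The function names, sample variables and bundle file names are constructed for illustration, and the caller is assumed to read the `.env` file and the Storybook build output into strings.

```javascript
// Added example; all names and sample data are constructed for illustration.

// Parse KEY=VALUE lines of .env text (comments, `export` prefix, quotes).
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const m = raw.trim().match(/^(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)$/);
    if (!m) continue; // blank line, comment, or not an assignment
    let value = m[2].trim();
    const quoted = value.match(/^(['"])(.*)\1$/);
    value = quoted ? quoted[2] : value.replace(/\s+#.*$/, '');
    vars[m[1]] = value;
  }
  return vars;
}

// Report each (file, variable) whose value occurs verbatim in a bundle.
// Values shorter than minLength are skipped: "3000" or "true" match anywhere.
function findLeakedEnvValues(envText, artifacts, minLength = 8) {
  const findings = [];
  const vars = parseDotenv(envText);
  for (const [file, content] of Object.entries(artifacts)) {
    for (const [name, value] of Object.entries(vars)) {
      if (value.length < minLength) continue;
      // A bundler may emit the value raw or escaped inside a string literal.
      const escaped = JSON.stringify(value).slice(1, -1);
      if (content.includes(value) || content.includes(escaped)) {
        findings.push({ file, name }); // report the name, never the value
      }
    }
  }
  return findings;
}

// Constructed sample input: not real secrets, not Superset files.
const SAMPLE_ENV = [
  '# local development settings',
  'PORT=3000',
  'export API_TOKEN="example-token-0123456789"',
  "DB_PASSWORD='p@ss\\word-constructed'",
  'UNUSED_SETTING=light-theme-default',
].join('\n');
const SAMPLE_ARTIFACTS = {
  'main.iframe.bundle.js': 'var e={API_TOKEN:"example-token-0123456789"};',
  'preview.bundle.js': 'const cfg={pw:"p@ss\\\\word-constructed"};',
  'index.html': '<html><body>port 3000</body></html>',
};
console.log(findLeakedEnvValues(SAMPLE_ENV, SAMPLE_ARTIFACTS));
```

A non-empty result in CI is a reason to stop before publishing the static build; findings list the variable name and file only, so the check's own log does not repeat the secret.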
