Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

@storybook/addon-docs relies on deprecated packages #17019

Closed
vdhpieter opened this issue Dec 15, 2021 · 10 comments
Closed

@storybook/addon-docs relies on deprecated packages #17019

vdhpieter opened this issue Dec 15, 2021 · 10 comments

Comments

@vdhpieter
Copy link

vdhpieter commented Dec 15, 2021

Describe the bug

@storybook/addon-docs relies on @jest/transform@26 which relies on jest-haste-map@26 which relies on fsevents@2.1 which is deprecated. Updating to @jest/transform@27 will solve this problem.

EDIT another deprecated package was found:

@storybook/builder-webpack4 relies on webpack-dev-middleware@3.7.3 which relies on webpack-log@2.0.0 which relies on uuid@3.3.2 which is deprecated. Updating webpack-dev-middleware to version 4 or later (newest is 5.2.2) will solve this problem.

EDIT 2:

@storybook/builder-webpack4 & @storybook/builder-webpack5 rely on react-dev-utils@11.0.4 which relies on browserslist@4.14.2 which has a security issue. Updating react-dev-utils to version 12.0.0 will solve this problem. (It wil also solve a security issue with immer)

To Reproduce
Not relevant

System
Not relevant

@vdhpieter vdhpieter changed the title @storybook/addon-docs relies on deprecated package @storybook/addon-docs relies on deprecated packages Dec 15, 2021
@chyzwar
Copy link

chyzwar commented Dec 23, 2021

For our project bigger problem is that our project use webpack5, jest27, emotion11 but storybook still use older versions. This almost double our dev dependencies and sometimes lead to hoisting problems.

I think it would be great if @storybook/builder-webpack4 and @storybook/builder-webpack5 (webpack4/webpack5) are peer dependencies then project can choose one based on webpack version in project instead of installing it twice.

@shilman
Copy link
Member

shilman commented Dec 23, 2021

@chyzwar that's the plan. however it's a breaking change so we can't make the move until SB 7.0

@bdashrad
Copy link

bdashrad commented Jan 4, 2022

@shilman just to clarify, are the peer dependencies not coming until SB 7.0 or the react-dev-utils update? Just looking for some clarification as we attempt to resolve the immer security issue.

@shilman
Copy link
Member

shilman commented Jan 5, 2022

@bdashrad I think the immer problem is fixed in 6.5 and i can patch back the fix to 6.4 if somebody verifies (hint hint)

@mikaelkarlsson-se
Copy link

@shilman I can confirm that the problem with immer is solved in SB 6.5.0-alpha.7. After upgrading all SB dependencies in my repository I can see in package lock thatreact-dev-utils (v11) has been removed and therefore also immer.
If it's not possible to remove react-dev-utils in SB 6.4 then upgrading react-dev-utils to v12 would be an option to solve the issue as well, see this thread.

@ricardo-fnd
Copy link

ricardo-fnd commented Apr 20, 2022

@chyzwar that's the plan. however it's a breaking change so we can't make the move until SB 7.0

Is this still the solution you guys are implementing to solve this issue?

I have some warnings because @storybook/core-common dependes on nanomatch which is deprecated, fsevents@1.2.13 which will break on node v14+, chokidar@2.1.8 which does not receive security updates since 2019, also some warnings with @storybook/addons-docs and more which I will present to you.

Screenshot 2022-04-20 at 16 55 34

Thank you.

@shilman
Copy link
Member

shilman commented Apr 21, 2022

@ricardo-fnd we're in the process of cleaning all this up for SB7. hopefully we'll get the first alphas out in a month or so.

@dartess
Copy link
Contributor

dartess commented Aug 10, 2022

@shilman hi!
I see improvements in version 7.
It seems that there are two packages left with warnings: jest (rather a lot of jest packages) and stable.
Are there any plans to upgrade/replace them?

I tried removing stable and it seems to work, but the list of browsers that support stable sorting is limited: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility . And I don't know if this list is satisfactory for a storybook.

@mogsdad
Copy link

mogsdad commented Nov 10, 2022

I note that V7 (specifically @storybook/addon-docs@7.0.0-alpha.48) is still dependent on @jest/transform@26. Is this a work-in-progress?

@ndelangen
Copy link
Member

This is fixed in 7.0 beta

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

9 participants