Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release: Patch 7.0.21 #23012

Merged
merged 32 commits into from
Jun 15, 2023
Merged

Release: Patch 7.0.21 #23012

merged 32 commits into from
Jun 15, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Jun 9, 2023

This is an automated pull request that bumps the version from 7.0.20 to 7.0.21.
Once this pull request is merged, it will trigger a new release of version 7.0.21.
If you're not a core maintainer with permissions to release you can ignore this pull request.

To do

Before merging the PR, there are a few QA steps to go through:

  • Add the "freeze" label to this PR, to ensure it doesn't get automatically forced pushed by new changes.

And for each change below:

  1. Ensure the change is appropriate for the version bump. E.g. patch release should only contain patches, not new or de-stabilizing features. If a change is not appropriate, revert the PR.
  2. Ensure the PR is labeled correctly with one of: "BREAKING CHANGE", "feature request", "bug", "maintenance", "dependencies", "documentation", "build", "unknown".
  3. Ensure the PR title is correct, and follows the format "[Area]: [Summary]", e.g. "React: Fix hooks in CSF3 render functions". If it is not correct, change the title in the PR.
    • Areas include: React, Vue, Core, Docs, Controls, etc.
    • First word of summary indicates the type: “Add”, “Fix”, “Upgrade”, etc.
    • The entire title should fit on a line

This is a list of all the PRs merged and commits pushed directly to next, that will be part of this release:

  • 🐛 Bug: Core: Fix builder-manager adding multiple dashes to relative path #22974
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Release: Fix release and changelog generation #23016
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: CLI: Improve steps in storybook init #22502
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Docs: Simplify migration-guide #22986
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Docs: Add ArgTypes API reference #22970
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Docs: Clarify APIs of Controls doc block/addon/argTypes #23058
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Build: Fix E2E and chromatic inconsistencies #23051
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Build: Use local registry for all packages #23066
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Angular: Fix ivy preset #23070
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Web-components: Fix custom-elements order of property application #19183
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📝 Documentation: Chore: (Docs) Removes references to outdated APIs and packages #22856
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Build: Upgrade playwright to 1.35.0 #22992
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 📦 Dependencies: Dependencies: Set vue-component-type-helpers to latest #23015
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Release tooling: Fix pick patches script #23043
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🏗️ Build: Release tooling: Give the full commit hash to the github API #23046
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Angular: Fix 16.1 compatibility #23064
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: Vue3: Fix source decorator to generate correct story code #22518
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🔧 Maintenance: Core: Improve of={...} DocBlock error in story index #22782
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct
  • 🐛 Bug: CLI: Skip builder selection for react native #23042
    • The change is appropriate for the version bump
    • The PR is labeled correctly
    • The PR title is correct

🍒 Manual cherry picking needed!

The following pull requests could not be cherry-picked automatically because it resulted in merge conflicts.
For each pull request below, you need to either manually cherry pick it, or discard it by removing the "patch" label from the PR and re-generate this PR.

  • #23051: git cherry-pick -m1 -x d00fe882583e80742a620566771e106de9a7743e
  • #23066: git cherry-pick -m1 -x 3b801a6921bcd7c46db3b3a8ac67866d60337dac
  • #19183: git cherry-pick -m1 -x abfc677253bcd7ddb05c3a05ba34486dfcc974fe
  • #22856: git cherry-pick -m1 -x 1c3d36987dcc925d70a9959e496ad8ef5ec61258
  • #22992: git cherry-pick -m1 -x 10e6a6791a2e2262c5063bcbee894babcb00ba56
  • #23015: git cherry-pick -m1 -x 9630bdd1622ba0533948445c22b96164c865d965
  • #23043: git cherry-pick -m1 -x 755f25739c870e8a00b03d69ed145bb2eb0c2ce1
  • #23046: git cherry-pick -m1 -x de18fccdb6571c1a54f8177f125059cfa21bda48
  • #22782: git cherry-pick -m1 -x ec249113e0890ea0935ff8c6f56e8923c107e7eb

If you've made any changes doing the above QA (change PR titles, revert PRs), manually trigger a re-generation of this PR with this workflow and wait for it to finish. It will wipe your progress in this to do, which is expected.

When everything above is done:


Generated changelog

7.0.21

ndelangen and others added 12 commits June 9, 2023 12:56
Build: Remove `playwright` and `playwright-core`, but keep the resolutions
Build: Fix CI with conflicting playwright version
Release: Fix minor scripts and workflows
Release: Don't pick patches when prereleasing
Release: Don't reference prototype repository
Release: Fix permissions for publish script
Release: Fix not escaping content of GH Releases
@socket-security
Copy link

socket-security bot commented Jun 9, 2023

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue Package Version Note Source
Network access tunnel 0.0.6 scripts/package.json via @actions/core@1.10.0
Network access @actions/http-client 2.1.0 scripts/package.json via @actions/core@1.10.0
Network access @gitbeaker/node 21.7.0 scripts/package.json via danger@11.2.6
Network access got 11.8.6 scripts/package.json via danger@11.2.6
Network access cacheable-lookup 5.0.4 scripts/package.json via danger@11.2.6
New author clone-response 1.0.3 scripts/package.json via danger@11.2.6
New author responselike 2.0.1 scripts/package.json via danger@11.2.6
Shell access simple-git 3.19.0 scripts/package.json

Next steps

What is network access?

This module accesses the network.

Packages should remove all network access that isn't functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is new author?

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights.

What is shell access?

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

  • @SocketSecurity ignore clone-response@1.0.3
  • @SocketSecurity ignore responselike@2.0.1
  • @SocketSecurity ignore simple-git@3.19.0
  • @SocketSecurity ignore tunnel@0.0.6
  • @SocketSecurity ignore @actions/http-client@2.1.0
  • @SocketSecurity ignore @gitbeaker/node@21.7.0
  • @SocketSecurity ignore got@11.8.6
  • @SocketSecurity ignore cacheable-lookup@5.0.4

@socket-security
Copy link

socket-security bot commented Jun 9, 2023

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives1 Size Publisher
danger 🆕 11.2.6 environment +20 3.75 MB orta
vue-component-type-helpers 🆕 1.6.5 None +0 3.94 kB johnsoncodehk
p-retry 🆕 5.1.2 None +1 20.6 kB sindresorhus
wait-on 🆕 7.0.1 None +1 480 kB jeffbski
@actions/core 🆕 1.10.0 network, filesystem, environment +2 209 kB thboop
dataloader 🆕 2.2.2 None +0 62.2 kB saihaj
jest-mock-extended 🆕 3.0.4 None +1 144 kB marchaos
simple-git 🆕 3.19.0 filesystem, shell +2 898 kB steveukx
@playwright/test ⬆️ 1.32.3...1.35.0 None +1/-1 10 MB aslushnikov

🚮 Removed packages: @storybook/addon-actions@7.0.20, @storybook/addon-controls@7.0.20, @storybook/addon-docs@7.0.20, @storybook/addon-highlight@7.0.20, @storybook/addon-measure@7.0.20, @storybook/addon-outline@7.0.20, @storybook/addon-storyshots@7.0.20, @storybook/addon-toolbars@7.0.20, @storybook/addon-viewport@7.0.20, @storybook/blocks@7.0.20, @storybook/builder-vite@7.0.20, @storybook/csf-plugin@7.0.20, @storybook/html@7.0.20, @storybook/postinstall@7.0.20, @storybook/preact@7.0.20, @storybook/preset-html-webpack@7.0.20, @storybook/preset-preact-webpack@7.0.20, @storybook/preset-react-webpack@7.0.20, @storybook/preset-server-webpack@7.0.20, @storybook/preset-svelte-webpack@7.0.20, @storybook/preset-vue-webpack@7.0.20, @storybook/preset-vue3-webpack@7.0.20, @storybook/preset-web-components-webpack@7.0.20, @storybook/preview-web@7.0.20, @storybook/server@7.0.20, @storybook/source-loader@7.0.20, @storybook/svelte@7.0.20, @storybook/svelte-vite@7.0.20, @storybook/web-components@7.0.20, playwright@1.32.3

Footnotes

  1. https://docs.socket.dev

@github-actions github-actions bot changed the title Merge patches to main Bump version on main: patch from 7.0.20 to 7.0.21 Jun 13, 2023
@kasperpeulen kasperpeulen added the ci:daily Run the CI jobs that normally run in the daily job. label Jun 13, 2023
@github-actions github-actions bot force-pushed the version-patch-from-7.0.20 branch 2 times, most recently from c88dd11 to 3f37160 Compare June 13, 2023 14:44
@shilman shilman added the freeze Freeze the Release PR with this label label Jun 13, 2023
@kasperpeulen kasperpeulen removed the ci:daily Run the CI jobs that normally run in the daily job. label Jun 13, 2023
@github-actions github-actions bot force-pushed the version-patch-from-7.0.20 branch 4 times, most recently from 4bb74d8 to 5658592 Compare June 14, 2023 09:35
…for-all-packages

Build: Use local registry for all packages
@shilman shilman added freeze Freeze the Release PR with this label and removed freeze Freeze the Release PR with this label labels Jun 14, 2023
@shilman shilman added freeze Freeze the Release PR with this label ci:merged Run the CI jobs that normally run when merged. and removed ci:pr labels Jun 14, 2023
…ithub-bot

Release tooling: Trigger circle CI on pushes by github action bot
ndelangen and others added 8 commits June 14, 2023 15:23
…neration

fix: Build manager adding multiple dashes to relative path
(cherry picked from commit 7f1ffa7)
Release: Fix release and changelog generation
(cherry picked from commit b50a3b5)
…in-init

CLI: Improve steps in storybook init
(cherry picked from commit b50aa50)
Docs: Simplify `migration-guide`
(cherry picked from commit 28197ea)
Docs: Add ArgTypes API reference
(cherry picked from commit e39cc9f)
…-install-addon

Docs: Clarify APIs of Controls doc block/addon/argTypes
(cherry picked from commit 893b4a8)
…ome-more

Bug: Fix angular ivy-preset
(cherry picked from commit 0c0e0d0)
Bug: Fix for angular 16.1 compatibility
(cherry picked from commit 4f0c895)
kasperpeulen and others added 7 commits June 14, 2023 19:32
…ilder

CLI: Skip builder selection for react native
(cherry picked from commit 8b9ffc7)
Build: Fix E2E and chromatic inconsistencies
(cherry picked from commit d00fe88)
…-19167-18858-custom-elements-manifest-update

Web-components: Fix custom-elements order of property application
(cherry picked from commit abfc677)
Chore: (Docs) Removes references to outdated APIs and packages
(cherry picked from commit 1c3d369)
Build: Upgrade playwright to 1.35.0
(cherry picked from commit 10e6a67)
…-helpers-latest

Dependencies: Set vue-component-type-helpers to latest
(cherry picked from commit 9630bdd)
EdricChan03 added a commit to EdricChan03/material-storybook that referenced this pull request Jun 15, 2023
Also bumps RxJS to 7.x

See storybookjs/storybook#23057 and storybookjs/storybook#23064 for more
info

TODO: Rollback to 7.0.21 when storybookjs/storybook#23012 is merged
@kasperpeulen kasperpeulen changed the title Bump version on main: patch from 7.0.20 to 7.0.21 Release: Patch 7.0.21 Jun 15, 2023
@kasperpeulen kasperpeulen merged commit 9a57248 into latest-release Jun 15, 2023
@kasperpeulen kasperpeulen deleted the version-patch-from-7.0.20 branch June 15, 2023 08:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci:merged Run the CI jobs that normally run when merged. freeze Freeze the Release PR with this label maintenance User-facing maintenance tasks
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants