[Bug] vulnerability related to trim

[JBustin]

Describe the bug

Test-runner has a dep vulnerability related to trim 0.0.1
Force to use trim 0.0.3 breaks the storybook build on my side.

trim  <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix --force`
Will install @storybook/[email protected], which is a breaking change
node_modules/trim
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
  node_modules/remark-parse
    @mdx-js/mdx  <=1.6.22
    Depends on vulnerable versions of remark-mdx
    Depends on vulnerable versions of remark-parse
    node_modules/@mdx-js/mdx
      @storybook/mdx1-csf  *
      Depends on vulnerable versions of @mdx-js/mdx
      node_modules/@storybook/mdx1-csf
        @storybook/csf-tools  6.5.0-alpha.1 - 6.5.17-alpha.0
        Depends on vulnerable versions of @storybook/mdx1-csf
        node_modules/@storybook/csf-tools
          @storybook/test-runner  >=0.0.9--canary.107.1b41303.0
          Depends on vulnerable versions of @storybook/csf-tools
          node_modules/@storybook/test-runner

Environment

• OS: iOS
• Node.js version: 16.13.0
• NPM version: 8.1.0

Additional context

I'm using

"@storybook/vue": "6.5.16",
"@storybook/test-runner": "0.9.4"

[yannbf]

Hey there! Thanks for opening an issue, but I believe it doesn't have anything to do with the test-runner. It has to do with your @storybook/mdx1-csf dependency. I believe you won't have this issue if you migrate to Storybook 7 which we focused on fixing every security issue, given that lots of them related to mdx1.

I'll be moving this issue to the correct repo!

cc @shilman