Bump tar and storybook #1888
Bump tar and storybook #1888
Conversation
Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). These dependencies need to be updated together. Removes `tar` Updates `storybook` from 7.6.13 to 10.2.1 - [Release notes](https://github.com/storybookjs/storybook/releases) - [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md) - [Commits](https://github.com/storybookjs/storybook/commits/v10.2.1/code/core) --- updated-dependencies: - dependency-name: tar dependency-version: dependency-type: indirect - dependency-name: storybook dependency-version: 10.2.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on February 21
Details
Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
| "react-dom": "^18.2.0", | ||
| "sass": "^1.53.0", | ||
| "storybook": "^7.6.13", | ||
| "storybook": "^10.2.1", |
There was a problem hiding this comment.
Storybook 10 mixed with incompatible v7 addon packages
High Severity
The main storybook package is at version ^10.2.1 while all @storybook/* addon packages remain at ^7.6.13. Storybook 10 is ESM-only with breaking changes, requiring all @storybook/* packages to be at the same major version. This version mismatch will cause compatibility issues and runtime errors when trying to run Storybook, breaking both npm run storybook and npm run build-storybook commands.
Additional Locations (2)
| "react-dom": "^18.2.0", | ||
| "sass": "^1.53.0", | ||
| "storybook": "^7.6.13", | ||
| "storybook": "^10.2.1", |
There was a problem hiding this comment.
Storybook 10 incompatible with Vue 2 project
High Severity
This project uses Vue 2.6.12 with @storybook/vue and @storybook/vue-vite, but Storybook dropped Vue 2 support after version 7. These packages are deprecated and have no version 8, 9, or 10 releases. The upgrade to storybook 10.2.1 is fundamentally impossible without first migrating the entire application from Vue 2 to Vue 3. The Storybook commands will fail to run because the required Vue 2 framework packages don't exist for Storybook 10.
Additional Locations (1)
screen-builder
|
||||||||||||||||||||||||||||
| Project |
screen-builder
|
| Branch Review |
dependabot/npm_and_yarn/multi-2aea67ef6c
|
| Run status |
|
| Run duration | 09m 23s |
| Commit |
|
| Committer | dependabot[bot] |
| View all properties for this run ↗︎ | |
| Test results | |
|---|---|
Failures
|
0
|
Flaky
|
0
|
Pending
|
19
|
Skipped
|
0
|
Passing
|
389
|
| View all changes introduced in this branch ↗︎ | |
|
Removes tar. It's no longer used after updating ancestor dependency storybook. These dependencies need to be updated together.
Removes
tarUpdates
storybookfrom 7.6.13 to 10.2.1Release notes
Sourced from storybook's releases.
... (truncated)
Changelog
Sourced from storybook's changelog.
... (truncated)
Commits
acf2b44Bump version from "10.2.0" to "10.2.1" [skip ci]912784aMerge pull request #33315 from storybookjs/valentin/fix-vitest-mocker-resolutiona674af8Bump version from "10.2.0-beta.5" to "10.2.0" [skip ci]6818f34Bump version from "10.2.0-beta.4" to "10.2.0-beta.5" [skip ci]a295727fix linting8840bebBump version from "10.2.0-beta.3" to "10.2.0-beta.4" [skip ci]2336b2efix test by ignoring typescript incorrect sbType value, the array IS correct,...c91e37cCore: Refactor SBArrayType to hold a single SBType and enhance dummy argument...6b2b003Core: Update SBArrayType to support an array of SBType and improve dummy valu...f53c206Merge branch 'next' into yann/story-creation-docgen-ts-part-2Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for storybook since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Medium Risk
Major-version Storybook upgrade can introduce breaking changes in dev/build tooling and CI, even though it doesn’t directly affect runtime app code.
Overview
This PR updates the project’s Storybook toolchain to a newer major release (moving from the 7.x line to
storybook^10.2.1) and refreshes the lockfile accordingly.It also removes the
tardependency now that it’s no longer required by the updated dependency graph.Written by Cursor Bugbot for commit d3fe1c1. This will update automatically on new commits. Configure here.