Skip to content

build(deps): bump tar and storybook#272

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-0f157119da
Open

build(deps): bump tar and storybook#272
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-0f157119da

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 15, 2026

Removes tar. It's no longer used after updating ancestor dependency storybook. These dependencies need to be updated together.

Removes tar

Updates storybook from 7.6.24 to 10.4.0

Release notes

Sourced from storybook's releases.

v10.4.0

10.4.0

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

  • 🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding
  • 🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes
  • 🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar
  • ⚛️ TanStack React: New `@storybook/tanstack-react` framework with routing and server function support
  • 🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server
  • 📱 React Native: Zero config RN project initialization
  • 🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic

... (truncated)

Changelog

Sourced from storybook's changelog.

10.4.0

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

  • 🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding
  • 🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes
  • 🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar
  • ⚛️ TanStack React: New @storybook/tanstack-react framework with routing and server function support
  • 🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server
  • 📱 React Native: Zero config RN project initialization
  • 🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic

... (truncated)

Commits
  • f8c16d1 Bump version from "10.4.0-beta.0" to "10.4.0" [skip ci]
  • e02da0b Bump version from "10.4.0-alpha.19" to "10.4.0-beta.0" [skip ci]
  • 6fe5959 Merge branch 'next' into next-release
  • f9810c7 Merge pull request #34769 from storybookjs/jeppe/handle-minimum-release-age
  • db9d52b format
  • bdc688f fix documentation string
  • eed7d2a simplify error handling
  • 429fb3e Bump version from "10.4.0-alpha.18" to "10.4.0-alpha.19" [skip ci]
  • 79a8667 format
  • 3ebdd02 undo the "run" prefix on ghost stories and self healing payload
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump tar and storybook
0a7156f 
Removes [tar](https://github.com/isaacs/node-tar). It's no longer used after updating ancestor dependency [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core). These dependencies need to be updated together.


Removes `tar`

Updates `storybook` from 7.6.24 to 10.4.0
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.0/code/core)

---
updated-dependencies:
- dependency-name: tar
  dependency-version:
  dependency-type: indirect
- dependency-name: storybook
  dependency-version: 10.4.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2026
@dependabot dependabot Bot requested a review from henningmu as a code owner May 15, 2026 00:41
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2026
doistbot
doistbot reviewed May 15, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@doistbot doistbot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this PR updating the storybook dependency and removing tar. Keeping our tooling current is always appreciated for long-term maintainability. However, the update currently leaves other @storybook/* packages pinned to version 7.x which can cause major version conflicts, and the CI pipeline does not yet include a build step to verify that the upgraded Storybook setup functions correctly.

Share FeedbackReview Logs

Comment thread packages/ui-extensions-react/package.json
"react-is": "17.0.2",
"react-test-renderer": "17.0.2",
"storybook": "7.6.24"
"storybook": "10.4.0"
Copy link
Copy Markdown
Member

@doistbot doistbot May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P1] This updates only the storybook CLI to 10.4.0 while the actual Storybook framework/addons in this package are still pinned to 7.6.24 (@storybook/react, @storybook/react-webpack5, @storybook/addon-*). Mixing major Storybook versions is unsupported and can break npm run storybook / build-storybook. Upgrade the rest of the @storybook/* packages in the same change, or keep storybook on the 7.x line.

Comment thread packages/ui-extensions-react/package.json
"react-is": "17.0.2",
"react-test-renderer": "17.0.2",
"storybook": "7.6.24"
"storybook": "10.4.0"
Copy link
Copy Markdown
Member

@doistbot doistbot May 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[P2] This major Storybook upgrade is not exercised by the package’s current CI path: react-ci only runs integrity-check, and that script does not include build-storybook or any Storybook smoke test. Add build-storybook (or an equivalent Storybook startup/build check) to CI so the highest-risk path introduced by this dependency bump is actually covered.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@doistbot doistbot doistbot left review comments

@henningmu henningmu Awaiting requested review from henningmu henningmu is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@doistbot