Skip to content

[security](deps-dev): bump storybook from 10.1.11 to 10.2.10 in the npm_and_yarn group across 1 directory#102

Open
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-f0a3e6d07b
Open

[security](deps-dev): bump storybook from 10.1.11 to 10.2.10 in the npm_and_yarn group across 1 directory#102
dependabot[bot] wants to merge 2 commits intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-f0a3e6d07b

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 26, 2026
edited by greptile-apps bot
Loading

Bumps the npm_and_yarn group with 1 update in the / directory: storybook.

Updates storybook from 10.1.11 to 10.2.10

Release notes

Sourced from storybook's releases.

v10.2.10

10.2.10

v10.2.9

10.2.9

v10.2.8

10.2.8

v10.2.7

10.2.7

v10.2.6

10.2.6

v10.2.5

10.2.5

v10.2.4

10.2.4

... (truncated)

Changelog

Sourced from storybook's changelog.

10.2.10

10.2.9

10.2.8

10.2.7

10.2.6

10.2.5

10.2.4

10.2.3

... (truncated)

Commits
  • c812573 Bump version from "10.2.9" to "10.2.10" [skip ci]
  • fd275fb Merge pull request #33820 from storybookjs/harden-websocket-security
  • 4cdde82 Bump version from "10.2.8" to "10.2.9" [skip ci]
  • 719b6ca Bump version from "10.2.7" to "10.2.8" [skip ci]
  • 78f274b Merge pull request #33773 from storybookjs/valentin/add-exit-telemetry
  • 0ca7278 Merge pull request #33766 from storybookjs/norbert/share-channel-events
  • 1c96212 Merge pull request #33783 from storybookjs/copilot/add-expo-telemetry-patch-l...
  • 8d687ec Bump version from "10.2.6" to "10.2.7" [skip ci]
  • 711e245 Merge pull request #33776 from LouisLau-art/fix/loglevel-flag-works
  • 3802165 Merge pull request #33284 from ia319/bug/33281-dynamic-title-select
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Summary

This PR updates Storybook from 10.2.4 to 10.2.10, bringing security enhancements and bug fixes.

  • Security fix: Websocket connections now require tokens (v10.2.10)
  • Multiple bug fixes across Addon-Vitest, Builder-Vite, and Next.js integrations
  • Patch version update with no breaking changes expected
  • Changes limited to dependency declarations in two package.json files and the lock file

Confidence Score: 5/5
  • This PR is safe to merge with minimal risk
  • Score reflects a standard patch-level dependency update with security improvements, no code changes, and no breaking changes expected in the Storybook 10.2.x series
  • No files require special attention

Important Files Changed
Filename Overview
packages/ui/package.json Updates storybook from 10.2.4 to 10.2.10, bringing security fixes and bug improvements
platforms/web/apps/storybook/package.json Updates storybook from 10.2.4 to 10.2.10, matching the version bump in packages/ui
pnpm-lock.yaml Lock file update reflecting storybook version bump and transitive dependency updates

Last reviewed commit: e8b06ab

@dependabot
[security](deps-dev): bump storybook
e8b06ab 
Bumps the npm_and_yarn group with 1 update in the / directory: [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core).


Updates `storybook` from 10.1.11 to 10.2.10
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.10/code/core)

---
updated-dependencies:
- dependency-name: storybook
  dependency-version: 10.2.10
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 26, 2026

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot added the dependencies Dependency updates label Feb 26, 2026
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 26, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e8b06ab161

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@argos-ci
Copy link

argos-ci bot commented Feb 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build Status Details Updated (UTC)
default (Inspect) ✅ No changes detected 50 failures Feb 26, 2026, 7:37 PM

@socket-security
Copy link

socket-security bot commented Feb 26, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedreact@​19.2.41001008497100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jscraik jscraik jscraik left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

dependencies Dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jscraik