@tjuanitas tjuanitas commented Dec 22, 2025

resolves https://github.com/box/box-ui-elements/security/dependabot/328

Summary by CodeRabbit

  • Chores
    • Updated Storybook dependencies to version 9.1.17.

@tjuanitas tjuanitas requested a review from a team as a code owner December 22, 2025 22:28

coderabbitai bot commented Dec 22, 2025

Walkthrough

Updated Storybook dependencies from version 9.0.14 to 9.1.17 across three packages: @storybook/addon-docs, @storybook/react-webpack5, and storybook.

Changes

Cohort / File(s): Storybook Dependencies (package.json)
Change Summary: Updated @storybook/addon-docs, @storybook/react-webpack5, and storybook from ^9.0.14 to ^9.1.17

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested labels

ready-to-merge

Suggested reviewers

  • jpan-box
  • greg-in-a-box
  • reneshen0328

Poem

📚✨ Storybook tales grow ever new,
Version bumps from old to true,
Nine-point-one brings fixes fine,
A rabbit's hop through the dependency line! 🐰

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)
Check name: Description check
Status: ❓ Inconclusive
Explanation: The pull request description is minimal and only references a security alert, but lacks the structured information recommended by the template (context, rationale, testing notes).
Resolution: Provide more context about the security vulnerability being addressed and any testing or validation performed to verify the dependency updates.

✅ Passed checks (2 passed)

Check name: Title check
Status: ✅ Passed
Explanation: The title 'fix: update storybook dependencies' clearly and accurately summarizes the main change: updating Storybook dependency versions from ^9.0.14 to ^9.1.17.

Check name: Docstring Coverage
Status: ✅ Passed
Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f59e209 and 242461c.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: lint_test_build
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: Summary
🔇 Additional comments (1)
package.json (1)

155-155: Security fix approved. Updating Storybook dependencies from ^9.0.14 to ^9.1.17 correctly addresses CVE-2025-68429. The version bump is a minor release with no breaking changes, and consistency across all three packages is maintained.

If your project references environment variables without a STORYBOOK_ prefix or explicit configuration, adjust those patterns after the update.


@mergify mergify bot added the queued label Dec 23, 2025
@mergify mergify bot merged commit 7c2546c into master Dec 23, 2025
12 checks passed
@mergify mergify bot deleted the fix-storybook-vulnerability branch December 23, 2025 01:45

mergify bot commented Dec 23, 2025

Merge Queue Status

✅ The pull request has been merged at 242461c

This pull request spent 4 seconds in the queue, with no time running CI.
The checks were run in-place.

Required conditions to merge
  • #approved-reviews-by >= 1 [🛡 GitHub branch protection]
  • #changes-requested-reviews-by = 0 [🛡 GitHub branch protection]
  • #review-threads-unresolved = 0 [🛡 GitHub branch protection]
  • branch-protection-review-decision = APPROVED [🛡 GitHub branch protection]
  • any of [🛡 GitHub branch protection]:
    • check-success = Summary
    • check-neutral = Summary
    • check-skipped = Summary
  • any of [🛡 GitHub branch protection]:
    • check-success = lint_test_build
    • check-neutral = lint_test_build
    • check-skipped = lint_test_build
  • any of [🛡 GitHub branch protection]:
    • check-success = license/cla
    • check-neutral = license/cla
    • check-skipped = license/cla
  • any of [🛡 GitHub branch protection]:
    • check-success = lint_pull_request
    • check-neutral = lint_pull_request
    • check-skipped = lint_pull_request

@mergify mergify bot removed the queued label Dec 23, 2025