chore(deps): bump the all-other-dependencies group across 1 directory with 25 updates

[dependabot]

Bumps the all-other-dependencies group with 22 updates in the / directory:

Package	From	To
@radix-ui/react-accordion	1.2.12	1.2.13
@radix-ui/react-dialog	1.1.15	1.1.16
@radix-ui/react-form	0.1.8	0.1.9
@sentry/react	10.52.0	10.57.0
lucide-react	0.577.0	1.17.0
multiformats	13.4.2	14.0.0
react	19.2.6	19.2.7
@types/react	19.2.14	19.2.17
react-dom	19.2.6	19.2.7
viem	2.48.11	2.52.2
@chromatic-com/storybook	5.1.2	5.2.1
@storybook/addon-a11y	10.3.6	10.4.3
@storybook/addon-docs	10.3.6	10.4.3
@storybook/addon-onboarding	10.3.6	10.4.3
@storybook/addon-vitest	10.3.6	10.4.3
@storybook/react-vite	10.3.6	10.4.3
@types/node	25.6.2	25.9.2
@vitejs/plugin-react	5.2.0	6.0.2
@vitest/browser-playwright	4.1.5	4.1.8
jsdom	28.1.0	29.1.1
playwright	1.59.1	1.60.0
typescript	5.9.3	6.0.3

Updates @radix-ui/react-accordion from 1.2.12 to 1.2.13

Changelog

Sourced from @​radix-ui/react-accordion's changelog.

1.2.13

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-collapsible@1.1.13, @radix-ui/react-collection@1.1.9, @radix-ui/react-direction@1.1.2, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-accordion since your current version.

Updates @radix-ui/react-dialog from 1.1.15 to 1.1.16

Changelog

Sourced from @​radix-ui/react-dialog's changelog.

1.1.16

• Fixed disabled pointer events in closed dialogs
• Fixed a bug where iOS text selection and editing on HTML inputs within react-dialog were broken
• Fixed triggers referencing a non-existent element via aria-controls when their content is removed from the DOM (credit to @​dodomorandi for the original PR)
• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/react-presence@1.1.6, @radix-ui/react-slot@1.2.5, @radix-ui/react-focus-guards@1.1.4, @radix-ui/react-dismissable-layer@1.1.12, @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-focus-scope@1.1.9, @radix-ui/react-id@1.1.2, @radix-ui/react-portal@1.1.11, @radix-ui/react-primitive@2.1.5, @radix-ui/react-use-controllable-state@1.2.3

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-dialog since your current version.

Updates @radix-ui/react-form from 0.1.8 to 0.1.9

Changelog

Sourced from @​radix-ui/react-form's changelog.

0.1.9

• Added repository.directory to all package.json files
• Updated dependencies: @radix-ui/primitive@1.1.4, @radix-ui/react-compose-refs@1.1.3, @radix-ui/react-context@1.1.4, @radix-ui/react-id@1.1.2, @radix-ui/react-label@2.1.9, @radix-ui/react-primitive@2.1.5

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​radix-ui/react-form since your current version.

Updates @sentry/react from 10.52.0 to 10.57.0

Release notes

Sourced from @​sentry/react's releases.

10.57.0

Important Changes

• feat(angular): Add support for Angular 22 (#21330)

  @sentry/angular now officially supports Angular 22.

• ref(core): Deprecate sendDefaultPii in favor of dataCollection (#21277)

  sendDefaultPii is deprecated and will be removed in v11. The new dataCollection option lets you control each category of collected data. sendDefaultPii: true still works and maps to enabling all dataCollection categories. dataCollection.userInfo defaults to true when dataCollection is provided, meaning auto-populated user.* fields (e.g. IP address from a request) are collected by default. Data you set explicitly (like via Sentry.setUser()) is always sent regardless. When dataCollection is not set at all, the legacy sendDefaultPii behavior applies (userInfo: false by default) to preserve backward compatibility.

  Note that an empty dataCollection: {} falls back to more permissive defaults than sendDefaultPii: false, so replicate the old behavior by opting out explicitly:

  Sentry.init({
    dataCollection: {
      userInfo: false,
      genAI: { inputs: false, outputs: false },
      httpBodies: [],
      httpHeaders: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      cookies: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      queryParams: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
    },
  });

Other Changes

• feat: Use dataCollection.frameContextLines for ContextLines integration (#21323)
• feat(cloudflare): Auto instrument D1 based on env (#21276)
• feat(core): Change default of dataCollection.userInfo to true (#21348)
• feat(core): Default dataCollection.httpBodies to all valid body types (#21352)
• feat(hono): Filter noisy transactions (favicon etc) (#21365)
• fix(cloudflare): Don't track negatively sampled spans (#21367)
• fix(core): Use safeDateNow calls for new Date() reads (#21351)
• fix(nextjs): Shim pinoIntegration on edge runtime (#21347)
• fix(node): Prevent PostgresJs integration from emitting duplicate spans per query (#21364)
• fix(node-core): Read __SENTRY_SERVER_MODULES__ lazily so Turbopack injection is honored (#21339)
• fix(react): Detect React Router v6/v7 navigations in a layout effect to propagate the correct trace (#21326)
• fix(react): Remove unused react.componentStack event context (#21183)
• fix(replays): Record sentry._internal.replay_is_buffering for spans (#21297)

• chore: Bump volta node version from 20.19.2 to 20.19.5 (#21359)

... (truncated)

Changelog

Sourced from @​sentry/react's changelog.

10.57.0

Important Changes

• feat(angular): Add support for Angular 22 (#21330)

  @sentry/angular now officially supports Angular 22.

• ref(core): Deprecate sendDefaultPii in favor of dataCollection (#21277)

  sendDefaultPii is deprecated and will be removed in v11. The new dataCollection option lets you control each category of collected data. sendDefaultPii: true still works and maps to enabling all dataCollection categories. dataCollection.userInfo defaults to true when dataCollection is provided, meaning auto-populated user.* fields (e.g. IP address from a request) are collected by default. Data you set explicitly (like via Sentry.setUser()) is always sent regardless. When dataCollection is not set at all, the legacy sendDefaultPii behavior applies (userInfo: false by default) to preserve backward compatibility.

  Note that an empty dataCollection: {} falls back to more permissive defaults than sendDefaultPii: false, so replicate the old behavior by opting out explicitly:

  Sentry.init({
    dataCollection: {
      userInfo: false,
      genAI: { inputs: false, outputs: false },
      httpBodies: [],
      httpHeaders: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      cookies: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
      queryParams: { deny: ['forwarded', '-ip', 'remote-', 'via', '-user'] },
    },
  });

Other Changes

• feat: Use dataCollection.frameContextLines for ContextLines integration (#21323)
• feat(cloudflare): Auto instrument D1 based on env (#21276)
• feat(core): Change default of dataCollection.userInfo to true (#21348)
• feat(core): Default dataCollection.httpBodies to all valid body types (#21352)
• feat(hono): Filter noisy transactions (favicon etc) (#21365)
• fix(cloudflare): Don't track negatively sampled spans (#21367)
• fix(core): Use safeDateNow calls for new Date() reads (#21351)
• fix(nextjs): Shim pinoIntegration on edge runtime (#21347)
• fix(node): Prevent PostgresJs integration from emitting duplicate spans per query (#21364)
• fix(node-core): Read __SENTRY_SERVER_MODULES__ lazily so Turbopack injection is honored (#21339)
• fix(react): Detect React Router v6/v7 navigations in a layout effect to propagate the correct trace (#21326)
• fix(react): Remove unused react.componentStack event context (#21183)
• fix(replays): Record sentry._internal.replay_is_buffering for spans (#21297)

... (truncated)

Commits

• 950cf97 release: 10.57.0
• 55f9343 Merge pull request #21369 from getsentry/prepare-release/10.57.0
• 88d9d30 meta(changelog): Update changelog for 10.57.0
• 03ffd25 fix(cloudflare): Don't track negatively sampled spans (#21367)
• 7c19ead ref(node): Streamline sql-common (#21360)
• 95df562 feat(hono): Filter noisy transactions (favicon etc) (#21365)
• 92eb5d2 feat(deps): Bump hono from 4.12.18 to 4.12.21 (#21341)
• c6f790b fix(node): Prevent PostgresJs integration from emitting duplicate spans per q...
• d645349 ref(node): Streamline lru-memoizer instrumentation (#21350)
• 4293015 feat(deps): Bump @​types/aws-lambda from 8.10.150 to 8.10.161 (#21105)
• Additional commits viewable in compare view

Updates lucide-react from 0.577.0 to 1.17.0

Release notes

Sourced from lucide-react's releases.

Version 1.17.0

What's Changed

• chore(lucide-vue-next|lucide-svelte|lucide-angular): Remove deprecated packages by @​ericfennis in lucide-icons/lucide#4376
• chore(repo): Update issue templates and documentation for package ren… by @​ericfennis in lucide-icons/lucide#4379
• feat(site): Adds survey overlay to website by @​ericfennis in lucide-icons/lucide#4380
• feat(site): Certificate dev links by @​ericfennis in lucide-icons/lucide#4390
• fix(icons): changed martini icon by @​jamiemlaw in lucide-icons/lucide#4335
• chore(deps): bump brace-expansion from 1.1.11 to 5.0.6 by @​dependabot[bot] in lucide-icons/lucide#4386
• chore(deps): bump @​tootallnate/once from 2.0.0 to 2.0.1 by @​dependabot[bot] in lucide-icons/lucide#4404
• chore(deps): bump devalue from 5.8.0 to 5.8.1 by @​dependabot[bot] in lucide-icons/lucide#4391
• chore(deps): bump ws from 8.18.0 to 8.20.1 by @​dependabot[bot] in lucide-icons/lucide#4392
• fix(gh-icon): limit icon size to a maximum of 256 pixels by @​jguddas in lucide-icons/lucide#4398
• chore(dependencies): Update dependencies by @​ericfennis in lucide-icons/lucide#4377
• feat(copilot): Adding copilot instructions by @​ericfennis in lucide-icons/lucide#4407
• feat(icons): add globe-check by @​Barakudum in lucide-icons/lucide#4342
• feat(metadata): Require use-cases in meta json by @​ericfennis in lucide-icons/lucide#4321
• feat(icons): added parasol icon by @​karsa-mistmere in lucide-icons/lucide#4347

Full Changelog: lucide-icons/lucide@1.16.0...1.17.0

Version 1.16.0

What's Changed

• feat(icons): added blender icon by @​rrod497 in lucide-icons/lucide#3884

Full Changelog: lucide-icons/lucide@1.15.0...1.16.0

Version 1.15.0

What's Changed

• fix: remove 'less' from brand stopwords by @​jguddas in lucide-icons/lucide#4331
• fix(@​lucide/vue): Clone slots before passing to icon by @​axtho in lucide-icons/lucide#4339
• fix(icons): changed text-cursor icon by @​jamiemlaw in lucide-icons/lucide#4340
• fix(icons): changed landmark icon by @​jamiemlaw in lucide-icons/lucide#4334
• chore(deps-dev): bump nitropack from 2.13.1 to 2.13.4 by @​dependabot[bot] in lucide-icons/lucide#4352
• chore(deps-dev): bump simple-git from 3.33.0 to 3.36.0 by @​dependabot[bot] in lucide-icons/lucide#4349
• fix(icons): changed candy-cane icon by @​jguddas in lucide-icons/lucide#4148
• fix(icons): changed volleyball icon by @​jamiemlaw in lucide-icons/lucide#4338
• fix(icons): changed chart-no-axes-combined icon by @​jguddas in lucide-icons/lucide#3567
• feat(icon): added broccoli icon by @​swastik7805 in lucide-icons/lucide#4263
• chore(site): Updates to site and updated carbon ads by @​ericfennis in lucide-icons/lucide#4359
• feat(icons): added sticky note variants by @​Barakudum in lucide-icons/lucide#4348
• chore(deps-dev): bump astro from 6.1.6 to 6.1.10 by @​dependabot[bot] in lucide-icons/lucide#4361

New Contributors

• @​axtho made their first contribution in lucide-icons/lucide#4339
• @​Barakudum made their first contribution in lucide-icons/lucide#4348

Full Changelog: lucide-icons/lucide@1.14.0...1.15.0

... (truncated)

Commits

• 07c885e fix(docs): fix zephyr-cloud URL in readmes
• 50d8af5 docs(readme): Update readme files (#4320)
• 653e44b feat(packages): use .mjs for ESM bundles (#4285)
• 7623e23 feat(docs): add Zephyr Cloud to Hero Backers tier & rework updateSponsors scr...
• dada0a8 fix(lucide-react): Fix dynamic imports (#4210)
• a6e648a fix(lucide-react): correct client directives in RSC files (#4189)
• 1f010a3 fix(lucide-react): Fixes provider export and RSC render issues (#4175)
• 484f2c9 docs(version-1): Version 1 website (#4142)
• a0e202d feat(packages/angular): add new @​lucide/angular package (#3897)
• c5b155e Merge branch 'main' of https://github.com/lucide-icons/lucide into next
• Additional commits viewable in compare view

Updates multiformats from 13.4.2 to 14.0.0

Release notes

Sourced from multiformats's releases.

v14.0.0

14.0.0 (2026-05-07)

⚠ BREAKING CHANGES

• all Hashers are now MultihashHasher<Code>s
• Returned Uint8Arrays are now Uint8Array<ArrayBuffer>

Features

• loading via require is now supported (#337) (9b5b12b)

Bug Fixes

• identity hash is SyncMultihashHasher<0> (#337) (9b5b12b)
• specify type of backing buffer when Uint8Arrays are returned (#335) (bac2da5)

Changelog

Sourced from multiformats's changelog.

14.0.0 (2026-05-07)

⚠ BREAKING CHANGES

• all Hashers are now MultihashHasher<Code>s
• Returned Uint8Arrays are now Uint8Array<ArrayBuffer>

Bug Fixes

• identity hash is SyncMultihashHasher<0> (#337) (9b5b12b), closes #313 #314
• specify type of backing buffer when Uint8Arrays are returned (#335) (bac2da5)

Commits

• 4610294 chore(release): 14.0.0 [skip ci]
• 9b5b12b fix!: identity hash is SyncMultihashHasher<0> (#337)
• bac2da5 fix!: specify type of backing buffer when Uint8Arrays are returned (#335)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for multiformats since your current version.

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.14 to 19.2.17

Commits

• See full diff in compare view

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates viem from 2.48.11 to 2.52.2

Release notes

Sourced from viem's releases.

viem@2.52.2

Patch Changes

• #4718 1969c01715736de8a16b841cfed81640f0d708c2 Thanks @​jxom! - Tempo: Set the t5 hardfork on the Tempo Testnet (Moderato) chain.

viem@2.52.0

Minor Changes

• #4689 fb032ee43ace76bbe72170c1b3ed48880033b763 Thanks @​jxom! - viem/tempo: Added admin access key actions, and an accessKey.verifyHash action.

• #4688 19a26084eb448632883602b401516e17cc9f7e0d Thanks @​jxom! - viem/tempo: Added access-key witness actions.

• #4683 42d54ef89a85aa9ef8658a89b67271331b5a31d4 Thanks @​jxom! - viem/tempo: Updated precompile ABIs and added the receivePolicyGuard and signatureVerifier precompile addresses to Addresses, plus the t4/t5/t6 hardforks to Hardfork.

• #4687 0e826149964a6e76d8079b368ca6f034bde7f482 Thanks @​jxom! - viem/tempo: Added receivePolicy actions.

viem@2.51.3

Patch Changes

• #4675 cc15e56ae47e03d2ec8fe9b0e443b4e52b7c350a Thanks @​deodad! - Fixed access key metadata reads incorrectly using the client account.

viem@2.51.2

Patch Changes

• #4668 672a7ef72cd7fb9b9330d5c90979729e6b96cbbc Thanks @​deodad! - viem/tempo: Fixed signVoucher to raw sign channel vouchers with access key accounts.

• #4672 c582dad966c136488b9f36c01f0f3986ff98e407 Thanks @​deodad! - Added a Tempo key authorization manager that can be used by prepareTransactionRequest to attach pending key authorizations.

viem@2.51.0

Minor Changes

• #4663 752712f1d2358715e9d63bd754f80c90a8d02e91 Thanks @​jxom! - viem/tempo: Added Actions.channel actions for reading and mutating TIP-20 channel reserve state.

• #4597 d346038e71f31cb1c82fc94bb49c4ac553a23717 Thanks @​wwared! - viem/op-stack: Added OP Stack super-root dispute game support for withdrawal prove flows.

• #4661 9713c7562eac9fd328e6cc1be7388bc1659a9c27 Thanks @​jxom! - Updated generated Tempo precompile ABIs from latest Tempo main and added logoURI to TIP-20 metadata and token creation.

• #4653 a29cf5eef5809b50bbb7931f35331203c32d7692 Thanks @​islishude! - Added support for eth_getBlockReceipts.

Patch Changes

• #4650 73b8b89c0369597bf4df781b021130f544ebe6b0 Thanks @​deodad! - Exported ExtractFormattedTransactionRequest.

• #4664 c3fda73603695bc68336f6e22f6475ba6ed0cdc7 Thanks @​jxom! - Handled eth_createAccessList responses that include an error field.

• #4660 c5cc58ebbc027029022f09eba54ed2e789b8b2b1 Thanks @​struong! - Emitted a full broadcast envelope when the fee payer co-signed during eth_fillTransaction, enabling single round-trip sponsorship, and stripped feeToken from the sender's sign payload under sponsorship per the Tempo Transaction spec.

• #4654 038a062a8c2a875a3bbd58426e6060cf5d1d7986 Thanks @​deodad! - Added raw signing support to Tempo access key accounts.

viem@2.50.4

... (truncated)

Commits

• 1b6a888 chore: version package (#4719)
• 78a9a60 chore: version package (#4707)
• 5fe74ca docs(tempo): use calls in multisig transaction examples (#4716)
• 1969c01 feat(chains): set t5 hardfork on Tempo Testnet (Moderato) (#4718)
• 394f1c5 chore: bump chains size-limit budgets (#4717)
• 51c51ba Update multisig account support in viem/tempo
• a74b05d chore: bump vitest to fix audit vulnerability (#4715)
• f5ae20d feat(tempo): infer multisig config from account in prepareTransactionRequest ...
• 25c2d6a feat(tempo): add native multisig account support (#4710)
• cee9b68 chore: bump vocs to 2.0.11 (#4708)
• Additional commits viewable in compare view

Updates @chromatic-com/storybook from 5.1.2 to 5.2.1

Release notes

Sourced from @​chromatic-com/storybook's releases.

v5.2.1

🐛 Bug Fix

• Widen peer-dependency range for storybook #434 (@​valentinpalkovic)

Authors: 1

• Valentin Palkovic (@​valentinpalkovic)

v5.2.1-next.0

🐛 Bug Fix

• Widen peer-dependency range for storybook #434 (@​valentinpalkovic)

Authors: 1

• Valentin Palkovic (@​valentinpalkovic)

v5.2.0

🚀 Enhancement

• Add missing ChromaticTypes export to support composite mode #410 (@​jdpnielsen @​ghengeveld)
• Add Share tool to quickly publish a Storybook #418 (@​valentinpalkovic @​ghengeveld @​kylegach)
• Add refresh-token auth flow and harden HTML injection paths #425 (@​ghengeveld @​valentinpalkovic)
• Replace device_code OAuth flow with authorization_code flow #424 (@​ghengeveld @​valentinpalkovic)

🐛 Bug Fix

• Refresh auth preemptively before token expiry #431 (@​ghengeveld)
• Merge remote-tracking branch 'origin/valentin/viral-sharing-2' into valentin/viral-sharing-2 #429 (@​valentinpalkovic)
• Consolidate auth state into a single AuthStore #430 (@​valentinpalkovic)
• Show share expiry based on daysToExpire from CLI #428 (@​ghengeveld @​valentinpalkovic)
• Fix OAuth authorization_code flow #427 (@​ghengeveld)

Authors: 5

• Gert Hengeveld (@​ghengeveld)
• Joshua Daniel Pratt Nielsen (@​jdpnielsen)
• Kyle Gach (@​kylegach)
• Piotr Wysocki (@​piwysocki)
• Valentin Palkovic (@​valentinpalkovic)

v5.2.0-next.5

⚠️ Pushed to next

• Fix TS error (@​ghengeveld)

Authors: 1

• Gert Hengeveld (@​ghengeveld)

... (truncated)

Changelog

Sourced from @​chromatic-com/storybook's changelog.

v5.2.1 (Thu May 14 2026)

🐛 Bug Fix

• Widen peer-dependency range for storybook #434 (@​valentinpalkovic)

Authors: 1

• Valentin Palkovic (@​valentinpalkovic)

---

v5.2.0 (Thu May 14 2026)

🚀 Enhancement

• Add missing ChromaticTypes export to support composite mode #410 (@​jdpnielsen @​ghengeveld)
• Add Share tool to quickly publish a Storybook #418 (@​valentinpalkovic @​ghengeveld @​kylegach)
• Add refresh-token auth flow and harden HTML injection paths #425 (@​ghengeveld @​valentinpalkovic)
• Replace device_code OAuth flow with authorization_code flow #424 (@​ghengeveld @​valentinpalkovic)

🐛 Bug Fix

• Refresh auth preemptively before token expiry #431 (@​ghengeveld)
• Merge remote-tracking branch 'origin/valentin/viral-sharing-2' into valentin/viral-sharing-2 #429 (@​valentinpalkovic)
• Consolidate auth state into a single AuthStore #430 (@​valentinpalkovic)
• Show share expiry based on daysToExpire from CLI #428 (@​ghengeveld @​valentinpalkovic)
• Fix OAuth authorization_code flow #427 (@​ghengeveld)

Authors: 5

• Gert Hengeveld (@​ghengeveld)
• Joshua Daniel Pratt Nielsen (@​jdpnielsen)
• Kyle Gach (@​kylegach)
• Piotr Wysocki (@​piwysocki)
• Valentin Palkovic (@​valentinpalkovic)

---

Commits

• 55bdb73 Bump version to: 5.2.1 [skip ci]
• 59b8146 Update CHANGELOG.md [skip ci]
• 0fe1587 Merge pull request #435 from chromaui/next
• 2c8182d Merge pull request #434 from chromaui/valentin/widen-peer-deps-range
• e1d4e26 Widen peer-dependency range for storybook
• 652b6d0 Bump version to: 5.2.0 [skip ci]
• a16a328 Update CHANGELOG.md [skip ci]
• 0e8f745 Merge pull request #432 from chromaui/next
• 9ba520e Fix TS error
• f03b35e Merge branch 'main' into next
• Additional commits viewable in compare view

Updates @storybook/addon-a11y from 10.3.6 to 10.4.3

Release notes

Sourced from @​storybook/addon-a11y's releases.

v10.4.3

10.4.3

• Addon Docs: Fix Primary and Controls blocks not rendering in custom MDX pages - #34496, thanks @​NYCU-Chung!
• Core: Respect !dev tag on MDX docs in sidebar - #35031, thanks @​JReinhold!
• React: Add support for resolving subcomponents attached as properties of a parent component - #34967, thanks @​yatishgoel!
• UI: Prevent docs page scroll reset on HMR re-render - #35021, thanks @​LongTangGithub!

v10.4.2

10.4.2

• Bug: Fix Windows command resolution for non-Node package managers - #33534, thanks @​copilot-swe-agent!
• Build: Upgrade type-fest to latest version 5.6.0 - #34791, thanks @​tobiasdiez!
• CSF: Fix parsing of string literal export names - #34901, thanks @​shilman!
• Publish: Add npm provenance attestations - #34936, thanks @​copilot-swe-agent!

v10.4.1

10.4.1

• Angular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - #34833, thanks @​valentinpalkovic!
• Build: Upgrade type-fest to latest version 5.6.0 - #34791, thanks @​tobiasdiez!
• CLI: Run `npx expo install --fix` after init for Expo projects - #34803, thanks @​ndelangen!
• CLI: Support `peerDependencies` in framework detection for component libraries - #34516, thanks @​zhyd1997!
• Next.js: Add useLinkStatus mock to next/link export mock - #34593, thanks @​philwolstenholme!
• Vue3: Specify a specific version for non-dev dependency - #34794, thanks @​ScopeyNZ!

v10.4.0

10.4.0

AI-assisted setup, change-aware review, and stronger framework support

Storybook 10.4 contains hundreds of fixes and improvements including:

• 🤖 Agentic Setup: New CLI workflow for AI-assisted Storybook setup and onboarding
• 🔍 Change review: Sidebar filtering to highlight new, modified, and related stories based on git changes
• 🧭 Sidebar review tools: Status filtering, URL-persisted filters, and clearer review signals in the sidebar
• ⚛️ TanStack React: New `@storybook/tanstack-react` framework with routing and server function support
• 🧩 React MCP: Faster, more accurate component docgen powered by the TypeScript Language Server
• 📱 React Native: Zero config RN project initialization
• 🤝 Sharing: Easily publish and share your local Storybook with teammates, powered by Chromatic

• A11y: Add aria-live announcements via @​react-aria/live-announcer - #33970, thanks @​copilot-swe-agent!
• A11y: Improve boolean control contrast in forced colors mode - #34204, thanks @​anchmelev!
• Actions: Fix state mutation and keep newest actions when limit reached - #34286, thanks @​Sidnioulz!
• Addon-Docs: Add Reset story button to re-render stories in docs - #34086, thanks @​6810779s!
• Addon-Docs: Avoid rerendering static Source blocks - #34206, thanks @​anchmelev!
• Addon-Vitest: Use Vitest's provide-API for injecting values - #34518, thanks @​JReinhold!

... (truncated)

Changelog

Sourced from @​storybook/addon-a11y's changelog.

10.4.3

• Addon Docs: Fix Primary and Controls blocks not rendering in custom MDX pages - #34496, thanks @​NYCU-Chung!
• Core: Respect !dev tag on MDX docs in sidebar - #35031, thanks @​JReinhold!
• React: Add support for resolving subcomponents attached as properties of a parent component - #34967, thanks @​yatishgoel!
• UI: Prevent docs page scroll reset on HMR re-render - #35021, thanks @​LongTangGithub!

10.4.2

• Bug: Fix Windows command resolution for non-Node package managers - #33534, thanks @​copilot-swe-agent!
• Build: Upgrade type-fest to latest version 5.6.0 - #34791, thanks @​tobiasdiez!
• CSF: Fix parsing of string literal export names - #34901, thanks @​shilman!
• Publish: Add npm provenance attestations - #34936, thanks @​copilot-swe-agent!

10.4.1

• Angular: Detect model() signal outputs (type inference + compodoc autodocs + runtime binding) - #34833, thanks @​valentinpalkovic!
• Build: Upgrade type-fest to latest version 5.6.0 - #34791, thanks @​tobiasdiez!
• CLI: Run npx expo i...

  Description has been truncated

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
filecoin-pin-website	Error		Jun 16, 2026 5:39pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​radix-ui/​react-accordion@​1.2.12 ⏵ 1.2.13	+1		+1
	@​radix-ui/​react-form@​0.1.8 ⏵ 0.1.9	+1
	@​radix-ui/​react-dialog@​1.1.15 ⏵ 1.1.16	+1
	@​storybook/​react-vite@​10.3.6 ⏵ 10.4.3	+1		+1
	@​vitest/​ui@​4.1.5 ⏵ 4.1.8	+1			+2
	@​storybook/​addon-vitest@​10.3.6 ⏵ 10.4.3	+1		+1
	@​storybook/​addon-a11y@​10.3.6 ⏵ 10.4.3
	@​types/​react@​19.2.14 ⏵ 19.2.17
	vitest@​4.1.5 ⏵ 4.1.8	+1		+1	+2
	@​vitest/​coverage-v8@​4.1.5 ⏵ 4.1.8
	lucide-react@​0.577.0 ⏵ 1.17.0	+1		+2	+1	-19
	playwright@​1.59.1 ⏵ 1.60.0	+1				-19
	@​types/​node@​25.6.2 ⏵ 25.9.2	+1		+1
	jsdom@​28.1.0 ⏵ 29.1.1			+1
	react@​19.2.6 ⏵ 19.2.7
	@​vitest/​browser-playwright@​4.1.5 ⏵ 4.1.8	+1		+1
	@​storybook/​addon-onboarding@​10.3.6 ⏵ 10.4.3				+1
	typescript@​5.9.3 ⏵ 6.0.3	+1		+1
	@​vitejs/​plugin-react@​5.2.0 ⏵ 6.0.2	+1
	@​chromatic-com/​storybook@​5.1.2 ⏵ 5.2.1	+1		+1
	react-dom@​19.2.6 ⏵ 19.2.7
	@​sentry/​react@​10.52.0 ⏵ 10.57.0
	viem@​2.48.11 ⏵ 2.52.2			+1	-1
	@​storybook/​addon-docs@​10.3.6 ⏵ 10.4.3

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @storybook/addon-onboarding is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/@storybook/addon-onboarding@10.4.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@storybook/addon-onboarding@10.4.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/jsdom@29.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package-lock.json → npm/jsdom@29.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[SgtPooki]

@dependabot rebase