Conversation

Contributor

@rcantin-w rcantin-w commented Dec 18, 2025

What does this change?

I don't think we're actually affected, but Dana flagged this vulnerability: https://storybook.js.org/blog/security-advisory

And I thought, why not: we ignore Storybook upgrades at the mo, so we don't patch-upgrade it with Dependabot, so it was due.

The patch in question fixes the issue, if ever it is one for us: https://github.com/storybookjs/storybook/releases/tag/v8.6.15

How to test

yarn && yarn cardigan

How can we measure success?

Up to date is nice

Have we considered potential risks?

N/A

@rcantin-w rcantin-w marked this pull request as ready for review December 18, 2025 13:08
@rcantin-w rcantin-w requested a review from a team as a code owner December 18, 2025 13:08
Copilot AI review requested due to automatic review settings December 18, 2025 13:08
Contributor

Copilot AI left a comment

Pull request overview

This PR upgrades Storybook from version 8.6.4 to 8.6.15 to address a security vulnerability flagged at https://storybook.js.org/blog/security-advisory. This is a patch-level upgrade that also updates various transitive dependencies in the lockfile, including AWS SDK packages, smithy libraries, TypeScript ESLint packages, and several other utilities.

Key Changes:

  • Storybook packages upgraded from 8.6.4 to 8.6.15 across all addons and core packages
  • AWS SDK packages upgraded from 3.948.x/3.950.x to 3.954.x versions
  • TypeScript ESLint packages upgraded from 8.49.0 to 8.50.0
  • Various other dependency updates in yarn.lock

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| yarn.lock | Updates Storybook packages to 8.6.15 and numerous transitive dependencies including AWS SDK, smithy libraries, TypeScript ESLint, and various utilities |
| cardigan/package.json | Updates all Storybook dependency versions from ^8.6.4 to ^8.6.15, and @storybook/react from ^8.4.7 to ^8.6.15 |

@rcantin-w rcantin-w moved this from Backlog to Ready for review in Digital experience Dec 18, 2025
@rcantin-w rcantin-w merged commit a16949b into main Dec 18, 2025
15 checks passed
@rcantin-w rcantin-w deleted the patch-storybook branch December 18, 2025 13:25
@rcantin-w rcantin-w moved this from Ready for review to Done in Digital experience Dec 18, 2025