[Snyk] Upgrade @storybook/theming from 7.6.19 to 8.3.4

[WontonSam]

Snyk has created this PR to upgrade @storybook/theming from 7.6.19 to 8.3.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 114 versions ahead of your current version.

• The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	159	Proof of Concept
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	159	No Known Exploit
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	159	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	159	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	159	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	159	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	159	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	159	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	159	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	159	Proof of Concept

Release notes

Package name: @storybook/theming

• 8.3.4 - 2024-09-28
  

  8.3.4

  • Addon Test: Support story name as test description - #29147, thanks @ InfiniteXyy!
  • Addon-Interactions: Use ansi-to-html for colored test errors - #29110, thanks @ kasperpeulen!
• 8.3.3 - 2024-09-24
  

  8.3.3

  • CLI: Show constraints in error when getting depndencies - #29187, thanks @ andrasczeh!
  • React-Vite: Downgrade react-docgen-typescript plugin - #29184, thanks @ shilman!
  • UI: Fix composed storybook TooltipLinkList bug where href isn't passed forward - #29175, thanks @ JSMike!
• 8.3.2 - 2024-09-19
  

  8.3.2

  • CLI: Fix skip-install for stable latest releases - #29133, thanks @ valentinpalkovic!
  • Core: Do not add packageManager field to package.json during storybook dev - #29152, thanks @ valentinpalkovic!
• 8.3.1 - 2024-09-16
  

  8.3.1

  • Angular: Fix sourceDecorator to apply excludeDecorators flag - #29069, thanks @ JSMike!
  • Core: Do not prebundle better-opn - #29137, thanks @ valentinpalkovic!
  • Core: Do not prebundle jsdoc-type-pratt-parser - #29134, thanks @ valentinpalkovic!
  • Next.js: Upgrade sass-loader from ^12 to ^13 - #29040, thanks @ HoncharenkoZhenya!
• 8.3.0 - 2024-09-11
  

  8.3.0

  Fresh out of the oven! Storybook 8.3 brings you:

  • ⚡️ First-class Vitest integration to run stories as component tests
  • 🔼 Next.js-Vite framework for Vitest compatibility and better DX
  • 🗜️ Further reduced bundle size for a smaller install footprint
  • 🌐 Experimental Story globals to standardize stories for themes, viewports, and locales
  • 💯 Hundreds more improvements
  List of all updates

  • Addon Test: Improve messages and post install script handling - #29036, thanks @ yannbf!
  • Addon Viewport: Add default options via parameters - #28944, thanks @ ndelangen!
  • Addon Test: Add experimental vitest integration - #28768, thanks @ kasperpeulen!
  • Addon Test: Fix error message logic in set up file - #28906, thanks @ yannbf!
  • Addon Test: Fix indentation of 'vitePluginNext' in generated Vitest config file - #29011, thanks @ ghengeveld!
  • Addon Test: Fix postinstall file types - #28978, thanks @ shilman!
  • Addon Test: Fix tests potentially not existing in non-isolate mode - #28993, thanks @ yannbf!
  • Addon Test: Improve transformation logic to avoid duplicate tests - #28929, thanks @ yannbf!
  • Addon Test: Set default viewport if applicable - #28905, thanks @ yannbf!
  • Addon Test: Set screenshotFailures to false by default - #28908, thanks @ yannbf!
  • Addon Docs: Remove babel dependency - #28915, thanks @ shilman!
  • Addon Interactions: Fix status in panel tab - #28580, thanks @ yannbf!
  • Angular: Fix Angular template error for props with a circular reference - #28498, thanks @ Marklb!
  • Angular: Fix template props not able to use dot notation - #28588, thanks @ Marklb!
  • Backgrounds/Viewports: Make defaults overridable in StoryGlobals-mode - #29025, thanks @ JReinhold!
  • Blocks: Fix scroll to non-ascii anchors - #28826, thanks @ SkReD!
  • Build: Remove external overrides, use package.json as source of truth - #28632, thanks @ kasperpeulen!
  • Builder-Vite: Add null character prefix to virtual file IDs - #28863, thanks @ valentinpalkovic!
  • Builder-Vite: Fix 'condition node never be used' warning - #28989, thanks @ valentinpalkovic!
  • CLI: Add conditional logging for manager and preview start - #28603, thanks @ tobiasdiez!
  • CLI: Fix dedent import in package managers - #28980, thanks @ shilman!
  • CLI: Fix the initialization of Storybook in workspaces - #28699, thanks @ valentinpalkovic!
  • CLI: Handle Yarn PnP wrapper scenario when adding an addon - #29027, thanks @ yannbf!
  • CLI: Make PackageJson optional for starting a dev server - #28594, thanks @ tobiasdiez!
  • CLI: Update spawn options in proxy.ts to support Windows - #28990, thanks @ valentinpalkovic!
  • Components: Remove external overrides - #28632, thanks @ kasperpeulen!
  • ConfigFile: Fix as const satisfies modifiers - #29000, thanks @ shilman!
  • Controls: Add disableSave parameter - #28734, thanks @ valentinpalkovic!
  • Core: Add Rsbuild frameworks to known frameworks - #28694, thanks @ fi3ework!
  • Core: De-duplicate babel use in core - #28972, thanks @ ndelangen!
  • Core: Fix header for MountMustBeDestructuredError message - #28590, thanks @ 0916dhkim!
  • Core: Fix manager-builder tsconfig to emit react-jsx - #28541, thanks @ williamhelmrath!
  • Core: Introduce setProjectAnnotations API to more renderers and frameworks - #28907, thanks @ yannbf!
  • Core: Make sure CJS build always has lowest prio - #28829, thanks @ kasperpeulen!
  • Core: Move util to regular dependency - #29008, thanks @ ndelangen!
  • Core: Split Storybook CLI - #28519, thanks @ kasperpeulen!
  • Core: Upgrade docs-mdx for smaller install - #28552, thanks @ shilman!
  • CPC: Add ESM export to docs-tools & node-logger packages - #28539, thanks @ ndelangen!
  • CPC: Fix missing dependency in @ storybook/addon-interactions - #28518, thanks @ ndelangen!
  • CPC: Fix type generation - #28507, thanks @ ndelangen!
  • CPC: Revert renames of panels, addon_ids - #28524, thanks @ ndelangen!
  • CSF: Allow overridding globals at the story level - #26654, thanks @ tmeasday!
  • Dependencies: Upgrade commander - #28857, thanks @ 43081j!
  • Fix: Add header for MountMustBeDestructuredError message - #28590, thanks @ 0916dhkim!
  • Fix: Prevent iframe from capturing mouse events in composed Storybooks - #28568, thanks @ Vincentdevreede!
  • Maintenance: Add node:-prefix to node core-modules - #28860, thanks @ ndelangen!
  • Maintenance: Rename addon-vitest to addon-test - #29014, thanks @ yannbf!
  • Next.js-Vite: Fix vite plugin exports - #29046, thanks @ valentinpalkovic!
  • Next.js-Vite: Streamline Next.js dir option - #28995, thanks @ valentinpalkovic!
  • Next.js-Vite: Update next and vite-plugin-storybook-nextjs dependencies - #28994, thanks @ valentinpalkovic!
  • Next.js: Add @ storybook/nextjs-vite package - #28800, thanks @ valentinpalkovic!
  • Next.js: Fix wrong Next.js framework reference - #28992, thanks @ valentinpalkovic!
  • Next.js: Make RSC portable-stories compatible - #28756, thanks @ valentinpalkovic!
  • Next.js: Update dependencies - #29052, thanks @ valentinpalkovic!
  • Nextjs-Vite: Re-export vite-plugin-storybook-nextjs - #29012, thanks @ valentinpalkovic!
  • Portable Stories: Improve Handling of React Updates and Errors - #29044, thanks @ valentinpalkovic!
  • React: Avoid 'Dynamic require of react is not possible' issue - #28730, thanks @ valentinpalkovic!
  • React: Bundle in lodash - #28609, thanks @ ndelangen!
  • Svelte: Fix events not being logged in Actions when a story has decorators - #28247, thanks @ JReinhold!
  • SvelteKit: Introduce portable stories support - #28918, thanks @ yannbf!
  • SvelteKit/Vue3: Refactor plugin export paths - #29016, thanks @ yannbf!
  • Telemetry: Add globals stats - #28822, thanks @ shilman!
  • Telemetry: Add portable stories - #26764, thanks @ shilman!
  • Test: Fix support for TS < 4.7 - #28887, thanks @ ndelangen!
  • Test: Rename vitest plugin entrypoint - #29067, thanks @ yannbf!
  • Test: Upgrade Vitest to v2 - #28788, thanks @ yannbf!
  • Types: Adjust beforeAll to be non-nullable in NormalizedProjectAnnotations - #28671, thanks @ kasperpeulen!
  • Types: Update type signatures of objects and functions - #28503, thanks @ valentinpalkovic!
  • UI: Fix collapse/expand all functionality - #28582, thanks @ filipemelo2002!
  • UI: Fix conditional hooks usage in sidebar - #28979, thanks @ JReinhold!
  • UI: Fix sidebar not wrapping - #29055, thanks @ JReinhold!
  • Vite: Fix HMR - #28876, thanks @ ndelangen!
  • Vite: Fix missing source map warning - #28984, thanks @ valentinpalkovic!
  • Vitest: Fix add command - #28975, thanks @ ghengeveld!
  • Vitest: Fix default viewport - #28943, thanks @ kasperpeulen!
  • Vitest: Implement add command for vitest addon - #28920, thanks @ kasperpeulen!
  • Vue: Add missing prop controls when using vue-component-meta docgen plugin - #28760, thanks @ larsrickert!
  • Vue: Improve generated code snippets - #27194, thanks @ larsrickert!
  • Vue3: Add vite plugin for portable stories - #29004, thanks @ yannbf!
• 8.3.0-beta.5 - 2024-09-11
  

  8.3.0-beta.5

  • Portable Stories: Improve Handling of React Updates and Errors - #29044, thanks @ valentinpalkovic!
  • Vite: Fix missing source map warning - #28984, thanks @ valentinpalkovic!
  • Vue: Add missing prop controls when using vue-component-meta docgen plugin - #28760, thanks @ larsrickert!
• 8.3.0-beta.4 - 2024-09-09
  

  8.3.0-beta.4

  • Test: Rename vitest plugin entrypoint - #29067, thanks @ yannbf!
  • UI: Fix sidebar not wrapping - #29055, thanks @ JReinhold!
• 8.3.0-beta.3 - 2024-09-05
  

  8.3.0-beta.3

  • Addon Test: Improve messages and post install script handling - #29036, thanks @ yannbf!
  • Next.js-Vite: Fix vite plugin exports - #29046, thanks @ valentinpalkovic!
  • Next.js: Update dependencies - #29052, thanks @ valentinpalkovic!
  • UI: Fix conditional hooks usage in sidebar - #28979, thanks @ JReinhold!
• 8.3.0-beta.2 - 2024-09-02
• 8.3.0-beta.1 - 2024-08-30
• 8.3.0-beta.0 - 2024-08-29
• 8.3.0-alpha.11 - 2024-08-29
• 8.3.0-alpha.10 - 2024-08-27
• 8.3.0-alpha.9 - 2024-08-23
• 8.3.0-alpha.8 - 2024-08-21
• 8.3.0-alpha.7 - 2024-08-17
• 8.3.0-alpha.6 - 2024-08-14
• 8.3.0-alpha.5 - 2024-08-13
• 8.3.0-alpha.4 - 2024-08-06
• 8.3.0-alpha.3 - 2024-07-29
• 8.3.0-alpha.2 - 2024-07-19
• 8.3.0-alpha.1 - 2024-07-16
• 8.3.0-alpha.0 - 2024-07-10
• 8.2.9 - 2024-08-13
• 8.2.8 - 2024-08-07
• 8.2.7 - 2024-08-01
• 8.2.6 - 2024-07-24
• 8.2.5 - 2024-07-19
• 8.2.4 - 2024-07-16
• 8.2.3 - 2024-07-15
• 8.2.2 - 2024-07-11
• 8.2.1 - 2024-07-10
• 8.2.0 - 2024-07-10
• 8.2.0-beta.3 - 2024-07-09
• 8.2.0-beta.2 - 2024-07-08
• 8.2.0-beta.1 - 2024-07-08
• 8.2.0-beta.0 - 2024-07-04
• 8.2.0-alpha.10 - 2024-06-17
• 8.2.0-alpha.9 - 2024-06-14
• 8.2.0-alpha.8 - 2024-06-12
• 8.2.0-alpha.7 - 2024-06-10
• 8.2.0-alpha.6 - 2024-06-07
• 8.2.0-alpha.5 - 2024-06-02
• 8.2.0-alpha.4 - 2024-05-30
• 8.2.0-alpha.3 - 2024-05-27
• 8.2.0-alpha.2 - 2024-05-18
• 8.2.0-alpha.1 - 2024-05-15
• 8.2.0-alpha.0 - 2024-05-14
• 8.1.11 - 2024-06-27
• 8.1.10 - 2024-06-17
• 8.1.9 - 2024-06-13
• 8.1.8 - 2024-06-13
• 8.1.7 - 2024-06-12
• 8.1.6 - 2024-06-05
• 8.1.5 - 2024-05-30
• 8.1.4 - 2024-05-27
• 8.1.3 - 2024-05-23
• 8.1.2 - 2024-05-21
• 8.1.1 - 2024-05-15
• 8.1.0 - 2024-05-14
• 8.1.0-beta.1 - 2024-05-13
• 8.1.0-beta.0 - 2024-05-09
• 8.1.0-alpha.8 - 2024-05-05
• 8.1.0-alpha.7 - 2024-04-11
• 8.1.0-alpha.6 - 2024-04-05
• 8.1.0-alpha.5 - 2024-03-27
• 8.1.0-alpha.4 - 2024-03-21
• 8.1.0-alpha.3 - 2024-03-19
• 8.1.0-alpha.2 - 2024-03-16
• 8.1.0-alpha.1 - 2024-03-12
• 8.1.0-alpha.0 - 2024-03-12
• 8.0.10 - 2024-05-05
• 8.0.9 - 2024-04-22
• 8.0.8 - 2024-04-11
• 8.0.7 - 2024-04-11
• 8.0.6 - 2024-04-05
• 8.0.5 - 2024-03-28
• 8.0.4 - 2024-03-21
• 8.0.3 - 2024-03-21
• 8.0.2 - 2024-03-19
• 8.0.1 - 2024-03-18
• 8.0.0 - 2024-03-11
• 8.0.0-rc.5 - 2024-03-11
• 8.0.0-rc.4 - 2024-03-11
• 8.0.0-rc.3 - 2024-03-07
• 8.0.0-rc.2 - 2024-03-05
• 8.0.0-rc.1 - 2024-03-02
• 8.0.0-rc.0 - 2024-02-29
• 8.0.0-beta.6 - 2024-02-28
• 8.0.0-beta.5 - 2024-02-23
• 8.0.0-beta.4 - 2024-02-20
• 8.0.0-beta.3 - 2024-02-17
• 8.0.0-beta.2 - 2024-02-10
• 8.0.0-beta.1 - 2024-02-06
• 8.0.0-beta.0 - 2024-02-02
• 8.0.0-alpha.17 - 2024-02-01
• 8.0.0-alpha.16 - 2024-01-30
• 8.0.0-alpha.15 - 2024-01-26
• 8.0.0-alpha.14 - 2024-01-24
• 8.0.0-alpha.13 - 2024-01-22
• 8.0.0-alpha.12 - 2024-01-19
• 8.0.0-alpha.11 - 2024-01-18
• 8.0.0-alpha.10 - 2024-01-15
• 8.0.0-alpha.9 - 2024-01-10
• 8.0.0-alpha.8 - 2024-01-06
• 8.0.0-alpha.7 - 2024-01-04
• 8.0.0-alpha.6 - 2023-12-30
• 8.0.0-alpha.5 - 2023-12-24
• 8.0.0-alpha.4 - 2023-12-19
• 8.0.0-alpha.3 - 2023-12-11
• 8.0.0-alpha.2 - 2023-12-11
• 8.0.0-alpha.1 - 2023-12-07
• 8.0.0-alpha.0 - 2023-11-28
• 7.6.20 - 2024-06-24
• 7.6.19 - 2024-05-01

from @storybook/theming GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@storybook/theming","from":"7.6.19","to":"8.3.4"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIREGEX-1583908","issue_id":"SNYK-JS-ANSIREGEX-1583908","priority_score":159,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00396},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Sep 12 2021 12:52:37 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":169,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:36:53 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99...

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.