Skip to content

chore: Upgrade insecure Baseplate deps#790

Merged
kingston merged 2 commits into
mainfrom
kingston/upgrade-deps
Mar 2, 2026
Merged

chore: Upgrade insecure Baseplate deps#790
kingston merged 2 commits into
mainfrom
kingston/upgrade-deps

Conversation

@kingston

@kingston kingston commented Mar 2, 2026

Copy link
Copy Markdown
Collaborator

Summary by CodeRabbit

  • Chores
    • Updated Storybook and related addon dependencies from version 10.2.8 to 10.2.13 in the UI components package.
    • Cleaned up workspace configuration by removing duplicate entries.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Mar 2, 2026

Copy link
Copy Markdown

Deploying baseplate-storybook with  Cloudflare Pages  Cloudflare Pages

Latest commit: df656d4
Status: ✅  Deploy successful!
Preview URL: https://c6f54fa5.baseplate-storybook.pages.dev
Branch Preview URL: https://kingston-upgrade-deps.baseplate-storybook.pages.dev

View logs

@changeset-bot

changeset-bot Bot commented Mar 2, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 41d5a60

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai

coderabbitai Bot commented Mar 2, 2026

Copy link
Copy Markdown

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Bumped five Storybook-related devDependencies from version 10.2.8 to 10.2.13 in the ui-components package. Adjusted the blockExoticSubdeps configuration setting in pnpm-workspace.yaml.

Changes

Cohort / File(s) Summary
Storybook Dependencies Update
packages/ui-components/package.json
Bumped @storybook/addon-docs, @storybook/addon-links, @storybook/addon-themes, @storybook/react-vite, and storybook devDependencies from 10.2.8 to 10.2.13.
Workspace Configuration
pnpm-workspace.yaml
Repositioned blockExoticSubdeps setting within the configuration file.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Title check ⚠️ Warning The PR title 'Upgrade insecure Baseplate deps' is misleading. The actual changes only bump Storybook versions in package.json and adjust pnpm-workspace.yaml configuration; no security vulnerabilities are documented or fixed. Update the title to accurately reflect the changes, such as 'chore: Bump Storybook dependencies to 10.2.13' or 'chore: Update Storybook and pnpm configuration'.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch kingston/upgrade-deps

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security

socket-security Bot commented Mar 2, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​storybook/​react-vite@​10.2.8 ⏵ 10.2.1399 -110073 -27100100
Updatedstorybook@​10.2.8 ⏵ 10.2.1399 +1100 +1688 +1100100
Updated@​storybook/​addon-themes@​10.2.8 ⏵ 10.2.1310010091100100
Updated@​storybook/​addon-docs@​10.2.8 ⏵ 10.2.1399100100100100
Updated@​storybook/​addon-links@​10.2.8 ⏵ 10.2.13100100100100100

View full report

@kingston kingston merged commit cc6625c into main Mar 2, 2026
9 checks passed
@kingston kingston deleted the kingston/upgrade-deps branch March 2, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant