Skip to content

chore: bump the all group in /web with 11 updates#1147

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web/all-e4ea944c4a
Closed

chore: bump the all group in /web with 11 updates#1147
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/web/all-e4ea944c4a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps the all group in /web with 11 updates:

Package From To
shadcn 4.1.2 4.2.0
@storybook/addon-a11y 10.3.4 10.3.5
@storybook/addon-docs 10.3.4 10.3.5
@storybook/react 10.3.4 10.3.5
@storybook/react-vite 10.3.4 10.3.5
@vitest/coverage-v8 4.1.2 4.1.3
msw 2.13.0 2.13.1
storybook 10.3.4 10.3.5
typescript-eslint 8.58.0 8.58.1
vite 8.0.5 8.0.7
vitest 4.1.2 4.1.3

Updates shadcn from 4.1.2 to 4.2.0

Release notes

Sourced from shadcn's releases.

shadcn@4.2.0

Minor Changes

Changelog

Sourced from shadcn's changelog.

4.2.0

Minor Changes

Commits

Updates @storybook/addon-a11y from 10.3.4 to 10.3.5

Release notes

Sourced from @​storybook/addon-a11y's releases.

v10.3.5

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Changelog

Sourced from @​storybook/addon-a11y's changelog.

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Commits

Updates @storybook/addon-docs from 10.3.4 to 10.3.5

Release notes

Sourced from @​storybook/addon-docs's releases.

v10.3.5

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Changelog

Sourced from @​storybook/addon-docs's changelog.

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Commits
  • e486d38 Bump version from "10.3.4" to "10.3.5" [skip ci]
  • ee73b65 Merge pull request #34455 from seojcarlos/fix/remove-duplicate-words
  • See full diff in compare view

Updates @storybook/react from 10.3.4 to 10.3.5

Release notes

Sourced from @​storybook/react's releases.

v10.3.5

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Changelog

Sourced from @​storybook/react's changelog.

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Commits

Updates @storybook/react-vite from 10.3.4 to 10.3.5

Release notes

Sourced from @​storybook/react-vite's releases.

v10.3.5

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Changelog

Sourced from @​storybook/react-vite's changelog.

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Commits

Updates @vitest/coverage-v8 from 4.1.2 to 4.1.3

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates msw from 2.13.0 to 2.13.1

Release notes

Sourced from msw's releases.

v2.13.1 (2026-04-07)

Bug Fixes

  • annotate life-cycle events correctly (#2694) (e7890e91627c828bd4d788f09e179bffbc8a8506) @​kettanaito
Commits

Updates storybook from 10.3.4 to 10.3.5

Release notes

Sourced from storybook's releases.

v10.3.5

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Changelog

Sourced from storybook's changelog.

10.3.5

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

Commits
  • e486d38 Bump version from "10.3.4" to "10.3.5" [skip ci]
  • 0b3ac65 Merge pull request #34408 from storybookjs/yann/disable-component-manifest-de...
  • ee73b65 Merge pull request #34455 from seojcarlos/fix/remove-duplicate-words
  • See full diff in compare view

Updates typescript-eslint from 8.58.0 to 8.58.1

Release notes

Sourced from typescript-eslint's releases.

v8.58.1

8.58.1 (2026-04-08)

🩹 Fixes

  • eslint-plugin: [no-unused-vars] fix false negative for type predicate parameter (#12004)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.58.1 (2026-04-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates vite from 8.0.5 to 8.0.7

Release notes

Sourced from vite's releases.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.7 (2026-04-07)

Bug Fixes

  • use sync dns.getDefaultResultOrder instead of dns.promises (#22185) (5c05b04)

8.0.6 (2026-04-07)

Features

Bug Fixes

Performance Improvements

  • early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#22151) (56ec256)

Miscellaneous Chores

Commits
  • fdb2e6f release: v8.0.7
  • 5c05b04 fix: use sync dns.getDefaultResultOrder instead of dns.promises (#22185)
  • 7b3086f release: v8.0.6
  • af71fb2 chore: replace remaining prettier script (#22179)
  • 51d3e48 feat: update rolldown to 1.0.0-rc.13 (#22097)
  • 17a8f9e fix(optimize-deps): hoist CJS interop assignment (#22156)
  • d5081c2 fix(css): avoid mutating sass error multiple times (#22115)
  • 56ec256 perf: early return in getLocalhostAddressIfDiffersFromDNS when DNS order is...
  • bdc53ab chore(create-vite): remove unnecessary DOM.Iterable (#22168)
  • See full diff in compare view

Updates vitest from 4.1.2 to 4.1.3

Release notes

Sourced from vitest's releases.

v4.1.3

   🚀 Experimental Features

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • 2dc0d62 chore: release v4.1.3
  • 7827363 feat: add experimental.preParse flag (#10070)
  • 691d341 fix(snapshot): export custom snapshot matcher helper from vitest (#10042)
  • 59b0e64 feat(experimental/snapshot): support custom snapshot matcher (#9973)
  • 487990a feat(experimental): support browser.locators.exact option (#10013)
  • 146d4f0 fix: add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional de...
  • 3f5bfa3 fix: advance fake timers with expect.poll interval (#10022)
  • 9dbf477 fix(vm): fix external module resolve error with deps optimizer query (#10024)
  • ec20455 fix(expect): don't leak "runner" types (#10004)
  • 66751c9 fix(expect): remove JestExtendError.context from verbose error reporting (#...
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the all group in /web with 11 updates
0553706 
Bumps the all group in /web with 11 updates:

| Package | From | To |
| --- | --- | --- |
| [shadcn](https://github.com/shadcn-ui/ui/tree/HEAD/packages/shadcn) | `4.1.2` | `4.2.0` |
| [@storybook/addon-a11y](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/a11y) | `10.3.4` | `10.3.5` |
| [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs) | `10.3.4` | `10.3.5` |
| [@storybook/react](https://github.com/storybookjs/storybook/tree/HEAD/code/renderers/react) | `10.3.4` | `10.3.5` |
| [@storybook/react-vite](https://github.com/storybookjs/storybook/tree/HEAD/code/frameworks/react-vite) | `10.3.4` | `10.3.5` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.2` | `4.1.3` |
| [msw](https://github.com/mswjs/msw) | `2.13.0` | `2.13.1` |
| [storybook](https://github.com/storybookjs/storybook/tree/HEAD/code/core) | `10.3.4` | `10.3.5` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.58.0` | `8.58.1` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.5` | `8.0.7` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.2` | `4.1.3` |


Updates `shadcn` from 4.1.2 to 4.2.0
- [Release notes](https://github.com/shadcn-ui/ui/releases)
- [Changelog](https://github.com/shadcn-ui/ui/blob/main/packages/shadcn/CHANGELOG.md)
- [Commits](https://github.com/shadcn-ui/ui/commits/shadcn@4.2.0/packages/shadcn)

Updates `@storybook/addon-a11y` from 10.3.4 to 10.3.5
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.3.5/code/addons/a11y)

Updates `@storybook/addon-docs` from 10.3.4 to 10.3.5
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.3.5/code/addons/docs)

Updates `@storybook/react` from 10.3.4 to 10.3.5
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.3.5/code/renderers/react)

Updates `@storybook/react-vite` from 10.3.4 to 10.3.5
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.3.5/code/frameworks/react-vite)

Updates `@vitest/coverage-v8` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.3/packages/coverage-v8)

Updates `msw` from 2.13.0 to 2.13.1
- [Release notes](https://github.com/mswjs/msw/releases)
- [Changelog](https://github.com/mswjs/msw/blob/main/CHANGELOG.md)
- [Commits](mswjs/msw@v2.13.0...v2.13.1)

Updates `storybook` from 10.3.4 to 10.3.5
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.3.5/code/core)

Updates `typescript-eslint` from 8.58.0 to 8.58.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.1/packages/typescript-eslint)

Updates `vite` from 8.0.5 to 8.0.7
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.7/packages/vite)

Updates `vitest` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.3/packages/vitest)

---
updated-dependencies:
- dependency-name: shadcn
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: "@storybook/addon-a11y"
  dependency-version: 10.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@storybook/addon-docs"
  dependency-version: 10.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@storybook/react"
  dependency-version: 10.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@storybook/react-vite"
  dependency-version: 10.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: msw
  dependency-version: 2.13.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: storybook
  dependency-version: 10.3.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: typescript-eslint
  dependency-version: 8.58.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: vite
  dependency-version: 8.0.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: vitest
  dependency-version: 4.1.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file scope:web Vue 3 dashboard type:chore Maintenance, cleanup, dependency updates labels Apr 8, 2026
@dependabot dependabot bot requested a review from Aureliolo as a code owner April 8, 2026 06:15
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 8, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednpm/​@​types/​grecaptcha@​3.0.91001007180100
Addednpm/​vitest@​4.1.2961007999100
Addednpm/​@​astrojs/​sitemap@​3.7.21001008293100
Addednpm/​@​astrojs/​react@​5.0.3991008296100
Addednpm/​tailwindcss@​4.2.21001008498100
Addednpm/​react@​19.2.41001008497100
Addednpm/​astro@​6.1.4971008898100
Addednpm/​react-dom@​19.2.41001009298100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 8, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm vite is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: site/package-lock.jsonnpm/@tailwindcss/vite@4.2.2npm/vitest@4.1.2npm/@astrojs/react@5.0.3npm/astro@6.1.4npm/vite@8.0.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@8.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 0553706.
Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@emnapi/core 1.9.1 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1021 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/runtime 1.9.1 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1021 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@emnapi/wasi-threads 1.2.0 🟢 3.8
Details
CheckScoreReason
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1021 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-project/types 0.123.0 UnknownUnknown
npm/@rolldown/binding-android-arm64 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-darwin-arm64 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-darwin-x64 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-freebsd-x64 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-arm-gnueabihf 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-arm64-gnu 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-arm64-musl 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-ppc64-gnu 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-s390x-gnu 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-x64-gnu 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-linux-x64-musl 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-openharmony-arm64 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-wasm32-wasi 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-win32-arm64-msvc 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/binding-win32-x64-msvc 1.0.0-rc.13 UnknownUnknown
npm/@rolldown/pluginutils 1.0.0-rc.13 UnknownUnknown
npm/@storybook/addon-a11y 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/addon-docs 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/builder-vite 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/csf-plugin 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/react 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/react-dom-shim 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/react-vite 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@typescript-eslint/eslint-plugin 8.58.1 UnknownUnknown
npm/@typescript-eslint/parser 8.58.1 UnknownUnknown
npm/@typescript-eslint/project-service 8.58.1 UnknownUnknown
npm/@typescript-eslint/scope-manager 8.58.1 UnknownUnknown
npm/@typescript-eslint/tsconfig-utils 8.58.1 UnknownUnknown
npm/@typescript-eslint/type-utils 8.58.1 UnknownUnknown
npm/@typescript-eslint/types 8.58.1 UnknownUnknown
npm/@typescript-eslint/typescript-estree 8.58.1 UnknownUnknown
npm/@typescript-eslint/utils 8.58.1 UnknownUnknown
npm/@typescript-eslint/visitor-keys 8.58.1 UnknownUnknown
npm/@vitest/coverage-v8 4.1.3 UnknownUnknown
npm/@vitest/expect 4.1.3 UnknownUnknown
npm/@vitest/mocker 4.1.3 UnknownUnknown
npm/@vitest/pretty-format 4.1.3 UnknownUnknown
npm/@vitest/runner 4.1.3 UnknownUnknown
npm/@vitest/snapshot 4.1.3 UnknownUnknown
npm/@vitest/spy 4.1.3 UnknownUnknown
npm/@vitest/utils 4.1.3 UnknownUnknown
npm/msw 2.13.1 🟢 4.5
Details
CheckScoreReason
Code-Review⚠️ 2Found 6/30 approved changesets -- score normalized to 2
Maintained🟢 1029 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/rolldown 1.0.0-rc.13 UnknownUnknown
npm/shadcn 4.2.0 UnknownUnknown
npm/storybook 10.3.5 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/typescript-eslint 8.58.1 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 7Found 19/25 approved changesets -- score normalized to 7
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/vite 8.0.7 🟢 6.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 5Found 12/21 approved changesets -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 5detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Binary-Artifacts🟢 5binaries present in source code
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 4SAST tool is not run on all commits -- score normalized to 4
npm/vitest 4.1.3 UnknownUnknown

Scanned Files

  • web/package-lock.json

@Aureliolo Aureliolo mentioned this pull request Apr 8, 2026
Merged
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 8, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/web/all-e4ea944c4a branch April 8, 2026 15:57
@Aureliolo Aureliolo mentioned this pull request Apr 8, 2026
Merged
Aureliolo added a commit that referenced this pull request Apr 9, 2026
@Aureliolo @github-actions
chore(main): release 0.6.5 (#1149)
fdd4611 
🤖 I have created a release *beep* *boop*
---


##
[0.6.5](v0.6.4...v0.6.5)
(2026-04-09)


### Features

* add control-plane API endpoints batch
([#1118](#1118),
[#1119](#1119),
[#1120](#1120),
[#1121](#1121))
([#1138](#1138))
([af11f0a](af11f0a))
* engine intelligence v2 -- trace enrichment, compaction, versioning
eval ([#1139](#1139))
([ed57dfa](ed57dfa)),
closes [#1123](#1123)
[#1125](#1125)
[#1113](#1113)
* generalize versioning to VersionSnapshot[T] for all entity types
([#1155](#1155))
([5f563ce](5f563ce)),
closes [#1131](#1131)
[#1132](#1132)
[#1133](#1133)
* implement auxiliary tool categories -- design, communication,
analytics ([#1152](#1152))
([b506ba4](b506ba4))
* implement multi-project support -- engine orchestration
([#242](#242))
([#1153](#1153))
([74f1362](74f1362))
* implement SharedKnowledgeStore append-only + MVCC consistency model
(Phase 1.5) ([#1134](#1134))
([965d3a1](965d3a1)),
closes [#1130](#1130)
* implement shutdown strategies and SUSPENDED task status
([#1151](#1151))
([6a0db11](6a0db11))
* persistent cost aggregation for project-lifetime budgets
([#1173](#1173))
([5c212c5](5c212c5)),
closes [#1156](#1156)
* Prometheus /metrics endpoint and OTLP exporter
([#1122](#1122))
([#1135](#1135))
([aaeaae9](aaeaae9)),
closes [#1124](#1124)
* Prometheus metrics -- daily budget %, per-agent cost, per-agent budget
% ([#1154](#1154))
([581c494](581c494)),
closes [#1148](#1148)


### Bug Fixes

* communication hardening -- meeting cooldown, circuit breaker backoff,
debate fallback
([#1140](#1140))
([fe82894](fe82894)),
closes [#1115](#1115)
[#1116](#1116)
[#1117](#1117)


### CI/CD

* bump wrangler from 4.80.0 to 4.81.0 in /.github in the all group
([#1144](#1144))
([b7c0945](b7c0945))


### Maintenance

* bump python from `6869258` to `5e59aae` in /docker/backend in the all
group ([#1141](#1141))
([01e99c2](01e99c2))
* bump python from `6869258` to `5e59aae` in /docker/sandbox in the all
group ([#1143](#1143))
([ea755bd](ea755bd))
* bump python from `6869258` to `5e59aae` in /docker/web in the all
group ([#1142](#1142))
([5416dd9](5416dd9))
* bump the all group across 1 directory with 2 updates
([#1181](#1181))
([d3d5adf](d3d5adf))
* bump the all group across 1 directory with 3 updates
([#1146](#1146))
([c609e6c](c609e6c))
* bump the all group in /cli with 2 updates
([#1177](#1177))
([afd9cde](afd9cde))
* bump the all group in /site with 3 updates
([#1178](#1178))
([7cff82a](7cff82a))
* bump the all group with 2 updates
([#1180](#1180))
([199a1a8](199a1a8))
* bump vitest from 4.1.2 to 4.1.3 in /site in the all group
([#1145](#1145))
([a8c1194](a8c1194))
* consolidated web deps (11 packages + hono security + test fixes)
([#1150](#1150))
([63a9390](63a9390)),
closes [#1147](#1147)
[#1136](#1136)
[#1137](#1137)
* pin Docker Python base image to 3.14.x
([#1182](#1182))
([8ffdd86](8ffdd86))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aureliolo Aureliolo Awaiting requested review from Aureliolo Aureliolo is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file scope:web Vue 3 dashboard type:chore Maintenance, cleanup, dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants