Skip to content

chore(deps-dev): bump @storybook/addon-docs from 10.4.2 to 10.4.6#152

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/storybook/addon-docs-10.4.6
Open

chore(deps-dev): bump @storybook/addon-docs from 10.4.2 to 10.4.6#152
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/storybook/addon-docs-10.4.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps @storybook/addon-docs from 10.4.2 to 10.4.6.

Release notes

Sourced from @​storybook/addon-docs's releases.

v10.4.6

10.4.6

v10.4.5

10.4.5

v10.4.4

10.4.4

  • Telemetry: Add timeout to event-log POST to prevent build hang - #35085, thanks @​badams!

v10.4.3

10.4.3

Changelog

Sourced from @​storybook/addon-docs's changelog.

10.4.6

10.4.5

10.4.4

  • Telemetry: Add timeout to event-log POST to prevent build hang - #35085, thanks @​badams!

10.4.3

Commits
  • 5496a42 Bump version from "10.4.5" to "10.4.6" [skip ci]
  • 48e7b20 Bump version from "10.4.4" to "10.4.5" [skip ci]
  • 5adebe7 Bump version from "10.4.3" to "10.4.4" [skip ci]
  • 624e618 Bump version from "10.4.2" to "10.4.3" [skip ci]
  • c898822 Merge pull request #34496 from NYCU-Chung/fix/docs-blocks-custom-mdx
  • c920fd0 Merge pull request #35021 from LongTangGithub/fix/docs-hmr-scroll-to-top
  • 1750494 Merge pull request #35031 from storybookjs/jeppe/fix-mdx-no-dev-tag
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@storybook/addon-docs](https://github.com/storybookjs/storybook/tree/HEAD/code/addons/docs) from 10.4.2 to 10.4.6.
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.4.6/code/addons/docs)

---
updated-dependencies:
- dependency-name: "@storybook/addon-docs"
  dependency-version: 10.4.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
francescoronel Ready Ready Preview, Comment Jul 1, 2026 1:06pm

Copy link
Copy Markdown
Owner

Dependabot PR Review

Summary: @storybook/addon-docs 10.4.2 → 10.4.6 — patch bump, no breaking changes noted.

CI Status

  • Lint ✅, Type check ✅
  • Security audit ❌ — pre-existing, repo-wide npm audit failure (15 vulnerabilities: form-data high, undici high, postcss/next moderate, js-yaml/markdown-it moderate via markdownlint-cli2). This is unrelated to this dependency and is currently blocking every open Dependabot PR from a clean CI run.

Holding off on approve/auto-merge until the security-audit check is green (or the failure is explicitly deemed acceptable). Will revisit once the repo-wide audit issue is addressed.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Dependabot PR Review

Summary: Patch bump — @storybook/addon-docs 10.4.2 → 10.4.6 (devDependency). No breaking changes noted.

⚠️ CI is failing — holding off on approval/auto-merge

Both failures are pre-existing, repo-wide issues unrelated to this specific bump (they fail identically on every open Dependabot PR right now):

  • Security auditnpm audit --audit-level=high fails on existing high-severity vulnerabilities already in the lockfile (form-data, undici), not introduced by this PR.
  • Claude Code Review — fails with Workflow initiated by non-human actor: dependabot (type: Bot). .github/workflows/claude-code-review.yml needs allowed_bots: dependabot[bot] (or '*') added to the claude-code-action step to run for bot-authored PRs.

Recommend fixing these on main so Dependabot PRs can pass CI going forward. Will revisit once green.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Dependabot PR Review

Summary: Patch bump — no breaking changes noted.

Package From To Type
@storybook/addon-docs 10.4.2 10.4.6 patch

CI Status

Not clean: Security audit and Claude Code Review are both failing, but for reasons unrelated to this bump — same pre-existing issues affecting every open Dependabot PR right now (see #145 for the root-cause writeup). Lint, type-check, and Vercel deploy are green.

Holding off on approve/auto-merge until CI is clean per policy. This bump itself looks safe to merge once the systemic CI issue is resolved.


Generated by Claude Code

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

📸 Visual snapshots

Screenshots captured for this PR — view all artifacts.

Page Desktop Mobile
/ desktop mobile
/about desktop mobile
/posts desktop mobile
/speaking desktop mobile
/contact desktop mobile
/portfolio desktop mobile
/testimonials desktop mobile
/organizations desktop mobile
/experience desktop mobile
/education desktop mobile

Full Playwright HTML report: open report

@FrancesCoronel FrancesCoronel left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patch version bump (@storybook/addon-docs 10.4.2 → 10.4.6), no breaking changes noted. Core CI is green: Lint, Type check, Playwright, and Lighthouse all passed. Security audit and Claude Code Review failures are pre-existing/unrelated to this bump — Security audit is failing on already-known transitive vulnerabilities (markdown-it, postcss via next, undici) present on main regardless of this PR, and Claude Code Review fails because dependabot-triggered workflows aren't in the allowed_bots list (a CI config gap, not a code issue). Approving and enabling auto-merge.


Generated by Claude Code

Copy link
Copy Markdown
Owner

Approved, but enable_pr_auto_merge failed: "required checks are failing." Branch protection appears to require Security audit and/or Claude Code Review, both of which fail systemically on every dependabot PR (npm audit baseline vulnerabilities unrelated to this bump, and the Claude Code Review workflow rejecting bot actors) — not something a code change here can fix. This will need a manual merge, or the required-checks list in branch protection adjusted so bot-authored dependency PRs aren't permanently blocked.


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant