Skip to content

fix(deps): update all non-major dependencies#413

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-non-major
Open

fix(deps): update all non-major dependencies#413
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-non-major

Conversation

@renovate

@renovate renovate Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Pending OpenSSF
@axe-core/playwright devDependencies minor 4.11.34.12.1 OpenSSF Scorecard
@commitlint/cli (source) devDependencies minor 21.0.221.2.1 OpenSSF Scorecard
@commitlint/config-conventional (source) devDependencies minor 21.0.221.2.0 OpenSSF Scorecard
@commitlint/types (source) devDependencies minor 21.0.121.2.0 OpenSSF Scorecard
@kobalte/core (source) dependencies patch 0.13.110.13.12 OpenSSF Scorecard
@storybook/addon-docs (source) devDependencies minor 10.4.610.5.0 OpenSSF Scorecard
@storybook/addon-links (source) devDependencies minor 10.4.610.5.0 OpenSSF Scorecard
@storybook/addon-vitest (source) devDependencies minor 10.4.610.5.0 OpenSSF Scorecard
@tailwindcss/vite (source) devDependencies patch 4.3.14.3.2 OpenSSF Scorecard
@types/node (source) devDependencies patch 25.9.425.9.5 OpenSSF Scorecard
@vitest/browser-playwright (source) devDependencies patch 4.1.94.1.10 OpenSSF Scorecard
@vitest/coverage-v8 (source) devDependencies patch 4.1.94.1.10 OpenSSF Scorecard
actions/cache action minor v5.0.5v5.1.0 OpenSSF Scorecard
docker/build-push-action action minor v7.2.0v7.3.0 OpenSSF Scorecard
docker/login-action action minor v4.2.0v4.4.0 OpenSSF Scorecard
github/codeql-action action minor v4.36.2v4.37.0 OpenSSF Scorecard
lefthook devDependencies patch 2.1.92.1.10 OpenSSF Scorecard
lucide-solid (source) dependencies minor 1.21.01.24.0 OpenSSF Scorecard
oxfmt (source) devDependencies minor 0.55.00.58.0 0.59.0 OpenSSF Scorecard
solid-js (source) dependencies patch 1.9.131.9.14 OpenSSF Scorecard
step-security/harden-runner action minor v2.19.4v2.20.0 OpenSSF Scorecard
storybook (source) devDependencies minor 10.4.610.5.0 OpenSSF Scorecard
storybook-solidjs-vite devDependencies minor 10.5.210.6.0 OpenSSF Scorecard
tailwindcss (source) devDependencies patch 4.3.14.3.2 OpenSSF Scorecard
vite (source) devDependencies minor 8.0.168.1.4 OpenSSF Scorecard
vitest (source) devDependencies patch 4.1.94.1.10 OpenSSF Scorecard
zizmorcore/zizmor-action action patch v0.5.6v0.5.7 OpenSSF Scorecard

Release Notes

dequelabs/axe-core-npm (@​axe-core/playwright)

v4.12.1

Compare Source

conventional-changelog/commitlint (@​commitlint/cli)

v21.2.1

Compare Source

Note: Version bump only for package @​commitlint/cli

v21.2.0

Compare Source

Features
  • resolve-extends: resolve pure-ESM presets (conventional-changelog v7/v9/v10) (#​4859) (fdb566f)

v21.1.0

Compare Source

Features

21.0.2 (2026-05-29)

Bug Fixes

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/cli

conventional-changelog/commitlint (@​commitlint/config-conventional)

v21.2.0

Compare Source

Features
  • resolve-extends: resolve pure-ESM presets (conventional-changelog v7/v9/v10) (#​4859) (fdb566f)

v21.1.0

Compare Source

Note: Version bump only for package @​commitlint/config-conventional

21.0.2 (2026-05-29)

Note: Version bump only for package @​commitlint/config-conventional

21.0.1 (2026-05-12)

Note: Version bump only for package @​commitlint/config-conventional

conventional-changelog/commitlint (@​commitlint/types)

v21.2.0

Compare Source

Features
  • resolve-extends: resolve pure-ESM presets (conventional-changelog v7/v9/v10) (#​4859) (fdb566f)

v21.1.0

Compare Source

Features

21.0.1 (2026-05-12)

Bug Fixes
storybookjs/storybook (@​storybook/addon-docs)

v10.5.0

Compare Source

Foundational changes for new AI workflows

Storybook 10.5 contains hundreds of fixes and improvements:

  • ⚡️ Angular-vite framework: Modern, fast dev, docs, and test (preview)
  • 🌈 Vitest initialGlobals: Test across themes, viewports, locales
  • 🤖 Agentic review: AI-curated visual changesets and search results (experimental)
  • ⚛️ React docgen service: Unified metadata across MCP, Docs, and Controls (experimental)
  • 🧑‍💻 Claude / Codex plugins: One-click ADE integration (experimental)
List of all updates - A11y: Fix MDX heading anchors not keyboard accessible - [#​34368](https://redirect.github.com/storybookjs/storybook/pull/34368), thanks @​TheSeydiCharyyev! - A11y: Handle lang attribute throughout preview - [#​35321](https://redirect.github.com/storybookjs/storybook/pull/35321), thanks @​Sidnioulz! - A11y: Surface required args and keyboard-reachable Setup controls in ArgsTable - [#​35306](https://redirect.github.com/storybookjs/storybook/pull/35306), thanks @​Sidnioulz! - Addon A11y: Preserve disabled a11y rules with runOnly - [#​34649](https://redirect.github.com/storybookjs/storybook/pull/34649), thanks @​cyphercodes! - Addon Docs: DocsContent not filling available width when TOC is enabled - [#​35043](https://redirect.github.com/storybookjs/storybook/pull/35043), thanks @​k-utsumi! - Addon Docs: Resolve CSF4 module exports without a default export - [#​34834](https://redirect.github.com/storybookjs/storybook/pull/34834), thanks @​TheSeydiCharyyev! - Addon Docs: Resolve providerImportSource to a path instead of a file:// URL - [#​34841](https://redirect.github.com/storybookjs/storybook/pull/34841), thanks @​TheSeydiCharyyev! - Addon Vitest: Add an initialGlobals option to pin a project's globals - [#​35226](https://redirect.github.com/storybookjs/storybook/pull/35226), thanks @​lifeiscontent! - Addon Vitest: Avoid erroring out on benign Win process exits - [#​35287](https://redirect.github.com/storybookjs/storybook/pull/35287), thanks @​Sidnioulz! - Addon Vitest: Fix dynamic import failure with Vitest 3 - [#​34927](https://redirect.github.com/storybookjs/storybook/pull/34927), thanks @​Sidnioulz! - Addon Vitest: Subscribe for run completion before triggering it - [#​35291](https://redirect.github.com/storybookjs/storybook/pull/35291), thanks @​tsushanth! - Angular: Add versioned `@types/node` to packages installed during `storybook init` - [#​34192](https://redirect.github.com/storybookjs/storybook/pull/34192), thanks @​copilot-swe-agent! - Angular: Fix custom paths for stats.json on angular - [#​34551](https://redirect.github.com/storybookjs/storybook/pull/34551), thanks @​mrginglymus! - Angular: Fix zone.js drop in angular-to-angular-vite migration + schema sync + transform widening - [#​35386](https://redirect.github.com/storybookjs/storybook/pull/35386), thanks @​valentinpalkovic! - Angular: Install @​analogjs/vite-plugin-angular in angular-to-angular-vite automigration - [#​35432](https://redirect.github.com/storybookjs/storybook/pull/35432), thanks @​valentinpalkovic! - Angular: Introduce @​storybook/angular-vite package - [#​34202](https://redirect.github.com/storybookjs/storybook/pull/34202), thanks @​brandonroberts! - Angular: Support Angular 22 in Webpack framework - [#​35318](https://redirect.github.com/storybookjs/storybook/pull/35318), thanks @​EtiennePasteur! - Angular: Use future-proof API for component reflection - [#​35228](https://redirect.github.com/storybookjs/storybook/pull/35228), thanks @​Sidnioulz! - Babel: Remove bugfixes from preset-env in v8 - [#​35266](https://redirect.github.com/storybookjs/storybook/pull/35266), thanks @​Sidnioulz! - Builder Vite: Fix empty external globals imports - [#​34348](https://redirect.github.com/storybookjs/storybook/pull/34348), thanks @​raashish1601! - Builder Vite: Support configLoader via builder options - [#​34080](https://redirect.github.com/storybookjs/storybook/pull/34080), thanks @​holvi-sebastian! - CLI: Add `storybook ai ` MCP passthrough behind `STORYBOOK_FEATURE_AI_CLI` - [#​35125](https://redirect.github.com/storybookjs/storybook/pull/35125), thanks @​kasperpeulen! - CLI: Add telemetry for the `storybook ai ` passthrough - [#​35138](https://redirect.github.com/storybookjs/storybook/pull/35138), thanks @​kasperpeulen! - CLI: Allow -p shorthand to --port for ai command - [#​35390](https://redirect.github.com/storybookjs/storybook/pull/35390), thanks @​huang-julien! - CLI: Bundle the `ai` command in core so it never downloads `@storybook/cli` - [#​35147](https://redirect.github.com/storybookjs/storybook/pull/35147), thanks @​kasperpeulen! - CLI: Do not auto-open the browser in storybook dev under AI agents - [#​35412](https://redirect.github.com/storybookjs/storybook/pull/35412), thanks @​kasperpeulen! - CLI: Exit process after successful build - [#​34735](https://redirect.github.com/storybookjs/storybook/pull/34735), thanks @​torleifhalseth! - CLI: Fix angular-to-angular-vite migration failing to configure addon-vitest - [#​35404](https://redirect.github.com/storybookjs/storybook/pull/35404), thanks @​valentinpalkovic! - CLI: Fix silent hang in deferred addon configuration during upgrade - [#​35423](https://redirect.github.com/storybookjs/storybook/pull/35423), thanks @​valentinpalkovic! - CLI: Fix upgrade crash on Storybook latest version check - [#​35156](https://redirect.github.com/storybookjs/storybook/pull/35156), thanks @​yatishgoel! - CLI: Handle nested array schema for AI help - [#​35424](https://redirect.github.com/storybookjs/storybook/pull/35424), thanks @​huang-julien! - CLI: Install MCP when upgrade is ran by agent - [#​35215](https://redirect.github.com/storybookjs/storybook/pull/35215), thanks @​huang-julien! - CLI: Load Storybook AI help from preset metadata - [#​35212](https://redirect.github.com/storybookjs/storybook/pull/35212), thanks @​kasperpeulen! - CLI: Match `storybook ai` instances by config dir as well as cwd - [#​35392](https://redirect.github.com/storybookjs/storybook/pull/35392), thanks @​kasperpeulen! - CLI: Prefer agent-matched Storybook instances - [#​35235](https://redirect.github.com/storybookjs/storybook/pull/35235), thanks @​kasperpeulen! - CLI: Respect BROWSER and BROWSER_ARGS - [#​34513](https://redirect.github.com/storybookjs/storybook/pull/34513), thanks @​ianzone! - CLI: Show MCP workflow instructions in AI help - [#​35164](https://redirect.github.com/storybookjs/storybook/pull/35164), thanks @​kasperpeulen! - CLI: Skip a11y addon automigration prompting when not applicable - [#​35376](https://redirect.github.com/storybookjs/storybook/pull/35376), thanks @​yannbf! - CLI: Support Claude preview autoPort - [#​35259](https://redirect.github.com/storybookjs/storybook/pull/35259), thanks @​kasperpeulen! - CLI: Use detected package manager instead of npx for remote commands - [#​35409](https://redirect.github.com/storybookjs/storybook/pull/35409), thanks @​ghengeveld! - Controls: Add label to Object JSON control - [#​34766](https://redirect.github.com/storybookjs/storybook/pull/34766), thanks @​Jaksenc! - Controls: Guard normalizeOptions against array labels and prototype chain lookups - [#​34664](https://redirect.github.com/storybookjs/storybook/pull/34664), thanks @​creazyfrog! - Controls: Improve ArgsTable empty state guidance - [#​34857](https://redirect.github.com/storybookjs/storybook/pull/34857), thanks @​Aniketiitk21! - Controls: Load controls for composed-ref stories on direct deep-link - [#​35402](https://redirect.github.com/storybookjs/storybook/pull/35402), thanks @​ndelangen! - Controls: Load controls for stories from a composed ref - [#​35050](https://redirect.github.com/storybookjs/storybook/pull/35050), thanks @​TheSeydiCharyyev! - Controls: Prevent AbortError when rapidly resetting - [#​34412](https://redirect.github.com/storybookjs/storybook/pull/34412), thanks @​whdjh! - Controls: Prevent the save bar from covering the last control - [#​35136](https://redirect.github.com/storybookjs/storybook/pull/35136), thanks @​TheSeydiCharyyev! - Core: Add ai-review observability - [#​35300](https://redirect.github.com/storybookjs/storybook/pull/35300), thanks @​yannbf! - Core: Add experimentalReview feature flag and make the features type augmentable - [#​35379](https://redirect.github.com/storybookjs/storybook/pull/35379), thanks @​yannbf! - Core: Add missing export to globals - [#​34929](https://redirect.github.com/storybookjs/storybook/pull/34929), thanks @​Sidnioulz! - Core: Add ref-based components manifest index backed by docgen open service - [#​35063](https://redirect.github.com/storybookjs/storybook/pull/35063), thanks @​JReinhold! - Core: Add runtime instance registry - [#​34863](https://redirect.github.com/storybookjs/storybook/pull/34863), thanks @​kasperpeulen! - Core: Allow vite-plus 0.2.x in the optional peer range - [#​35221](https://redirect.github.com/storybookjs/storybook/pull/35221), thanks @​lifeiscontent! - Core: Categorize UniversalStore follower timeout error - [#​34592](https://redirect.github.com/storybookjs/storybook/pull/34592), thanks @​justismailmemon! - Core: Clean stale runtime instance records - [#​35023](https://redirect.github.com/storybookjs/storybook/pull/35023), thanks @​kasperpeulen! - Core: Compose core annotations before preview beforeAll - [#​35323](https://redirect.github.com/storybookjs/storybook/pull/35323), thanks @​JReinhold! - Core: Ensure every runtime installs the real channel and stop the mock fallback from poisoning it - [#​35410](https://redirect.github.com/storybookjs/storybook/pull/35410), thanks @​ndelangen! - Core: Expose backgrounds types from public subpath - [#​35044](https://redirect.github.com/storybookjs/storybook/pull/35044), thanks @​ShaharAviram1! - Core: Extract StoryDependencyGraphService from ChangeDetectionService - [#​35009](https://redirect.github.com/storybookjs/storybook/pull/35009), thanks @​valentinpalkovic! - Core: Fix cryptic invariant crash when dev server port detection fails - [#​35388](https://redirect.github.com/storybookjs/storybook/pull/35388), thanks @​kasperpeulen! - Core: Fix EEXIST race condition in static file copying during build - [#​34499](https://redirect.github.com/storybookjs/storybook/pull/34499), thanks @​flt3150sk! - Core: Fix npm dependency detection - [#​35083](https://redirect.github.com/storybookjs/storybook/pull/35083), thanks @​fallintoplace! - Core: Fix potential race condition in SET_CONFIG hook - [#​35401](https://redirect.github.com/storybookjs/storybook/pull/35401), thanks @​mrginglymus! - Core: Fix resolveImport TSX fallback - [#​34815](https://redirect.github.com/storybookjs/storybook/pull/34815), thanks @​cyphercodes! - Core: Flush preview-api hook effects in portable stories - [#​35224](https://redirect.github.com/storybookjs/storybook/pull/35224), thanks @​lifeiscontent! - Core: Ignore story-like directories in indexer - [#​34806](https://redirect.github.com/storybookjs/storybook/pull/34806), thanks @​MukundaKatta! - Core: Improve ActionBar focus indicator in high contrast mode - [#​34779](https://redirect.github.com/storybookjs/storybook/pull/34779), thanks @​TheSeydiCharyyev! - Core: Include chromatic packages in ecosystem identifier - [#​35170](https://redirect.github.com/storybookjs/storybook/pull/35170), thanks @​yannbf! - Core: Incorrect package json handling - [#​34515](https://redirect.github.com/storybookjs/storybook/pull/34515), thanks @​lino-levan! - Core: Introduce Agentic Review feature - [#​34837](https://redirect.github.com/storybookjs/storybook/pull/34837), thanks @​yannbf! - Core: Leave experimentalReview unset by default so the AI CLI plugins can enable review - [#​35396](https://redirect.github.com/storybookjs/storybook/pull/35396), thanks @​kasperpeulen! - Core: Recognize addon-mcp registered via getAbsolutePath() in runtime instance registry - [#​35286](https://redirect.github.com/storybookjs/storybook/pull/35286), thanks @​yannbf! - Core: Reset WebsocketTransport heartbeat on every message, not just ping - [#​35422](https://redirect.github.com/storybookjs/storybook/pull/35422), thanks @​valentinpalkovic! - Core: Skip story-docs Code panel emission in portable stories - [#​35387](https://redirect.github.com/storybookjs/storybook/pull/35387), thanks @​ndelangen! - Core: Use UndoIcon for Review-changes clear button - [#​34767](https://redirect.github.com/storybookjs/storybook/pull/34767), thanks @​valentinpalkovic! - CSF Next: Propagate skip tags to .test children - [#​34964](https://redirect.github.com/storybookjs/storybook/pull/34964), thanks @​kwonoj! - CSF Next: Add tags type support for - [#​34819](https://redirect.github.com/storybookjs/storybook/pull/34819), thanks @​unional! - CSF: Fix Canvas and userEvent types under Yarn PnP - [#​34986](https://redirect.github.com/storybookjs/storybook/pull/34986), thanks @​yatishgoel! - Docgen: Add mock open service - [#​34954](https://redirect.github.com/storybookjs/storybook/pull/34954), thanks @​JReinhold! - Docgen: Fix inferred argTypes from initial args overriding docgen and custom argTypes in experimentalDocgenServer mode - [#​35196](https://redirect.github.com/storybookjs/storybook/pull/35196), thanks @​JReinhold! - Docgen: Register service runtime, payload argTypes - [#​35108](https://redirect.github.com/storybookjs/storybook/pull/35108), thanks @​JReinhold! - Docgen: Run experimentalDocgenServer extraction in a worker thread - [#​35324](https://redirect.github.com/storybookjs/storybook/pull/35324), thanks @​JReinhold! - Docgen: Wire up react-component-meta with DocgenService - [#​34963](https://redirect.github.com/storybookjs/storybook/pull/34963), thanks @​JReinhold! - DocgenServer: Fix OOM by recycling the shared TS program - [#​35305](https://redirect.github.com/storybookjs/storybook/pull/35305), thanks @​ndelangen! - Docs: Add ariaLabel support to ActionItem interface - [#​34749](https://redirect.github.com/storybookjs/storybook/pull/34749), thanks @​TheSeydiCharyyev! - Docs: Add shallow MDX ref manifests for experimentalDocgenServer - [#​35189](https://redirect.github.com/storybookjs/storybook/pull/35189), thanks @​JReinhold! - Docs: Deprecate ExternalDocs - [#​35074](https://redirect.github.com/storybookjs/storybook/pull/35074), thanks @​Sidnioulz! - Docs: Fix Controls losing focus when subcomponents are defined - [#​35018](https://redirect.github.com/storybookjs/storybook/pull/35018), thanks @​cssinate! - Docs: Improve DocsParameters types - [#​35190](https://redirect.github.com/storybookjs/storybook/pull/35190), thanks @​mrginglymus! - Docs: Prevent heading anchor cutoff on docs pages - [#​34945](https://redirect.github.com/storybookjs/storybook/pull/34945), thanks @​copilot-swe-agent! - Docs: Restore React 16/17 support in useServiceDocgen - [#​35179](https://redirect.github.com/storybookjs/storybook/pull/35179), thanks @​JReinhold! - Docs: Route ArgTypes and Controls through docgen service when flag enabled - [#​35109](https://redirect.github.com/storybookjs/storybook/pull/35109), thanks @​JReinhold! - Docs: Scope control input ids to each block instance - [#​34793](https://redirect.github.com/storybookjs/storybook/pull/34793), thanks @​TheSeydiCharyyev! - Docs: Support explicit id prop on for standalone MDX - [#​34808](https://redirect.github.com/storybookjs/storybook/pull/34808), thanks @​TheSeydiCharyyev! - ESLint Plugin: Avoid ESLint Unstable API Load - [#​35269](https://redirect.github.com/storybookjs/storybook/pull/35269), thanks @​pupuking723! - Index: Remove `hasActiveFilters` check - [#​35151](https://redirect.github.com/storybookjs/storybook/pull/35151), thanks @​mrginglymus! - Init: Support pnpm catalogs when adding addon-vitest dependencies - [#​35415](https://redirect.github.com/storybookjs/storybook/pull/35415), thanks @​yannbf! - Interactions: Prevent debugger controls from stealing focus - [#​35073](https://redirect.github.com/storybookjs/storybook/pull/35073), thanks @​BrenoSI03! - Maintenance: Centralize supported file extension lists - [#​34844](https://redirect.github.com/storybookjs/storybook/pull/34844), thanks @​valentinpalkovic! - Maintenance: Replace `resolve` and `resolve.exports` with `oxc-resolver` - [#​34692](https://redirect.github.com/storybookjs/storybook/pull/34692), thanks @​valentinpalkovic! - Manager: Apply addon-registered filters to the initial story index - [#​35408](https://redirect.github.com/storybookjs/storybook/pull/35408), thanks @​ndelangen! - Manager: Fix crash when toggling addon panel on mobile (LandmarkManager TypeError) - [#​34790](https://redirect.github.com/storybookjs/storybook/pull/34790), thanks @​valentinpalkovic! - Manager: Fix layout.showPanel config - [#​34777](https://redirect.github.com/storybookjs/storybook/pull/34777), thanks @​kalinco-glitch! - Manager: Fix race condition in `experimental_setFilter` - [#​35194](https://redirect.github.com/storybookjs/storybook/pull/35194), thanks @​mrginglymus! - Manager: Keep local preview iframe on host URL when a ref story loads first - [#​35078](https://redirect.github.com/storybookjs/storybook/pull/35078), thanks @​TheSeydiCharyyev! - Manager: Restructure review feature state, layout integration, and thumbnail pipeline - [#​35351](https://redirect.github.com/storybookjs/storybook/pull/35351), thanks @​ghengeveld! - Measure & Outline: Honor the `disable` parameter - [#​35150](https://redirect.github.com/storybookjs/storybook/pull/35150), thanks @​yatishgoel! - ModuleGraph: Refactor from StoryDependencyService to open service-based ModuleGraphService - [#​35048](https://redirect.github.com/storybookjs/storybook/pull/35048), thanks @​JReinhold! - ModuleGraph: Stop bumping the graph revision on story-index invalidation - [#​35178](https://redirect.github.com/storybookjs/storybook/pull/35178), thanks @​JReinhold! - Next: Call link onClick before preventing default - [#​35311](https://redirect.github.com/storybookjs/storybook/pull/35311), thanks @​yatishgoel! - Next: Support `as` prop in next/link mock - [#​35148](https://redirect.github.com/storybookjs/storybook/pull/35148), thanks @​yatishgoel! - Next Vite: Add Link mock with useLinkStatus to nextjs-vite framework - [#​34736](https://redirect.github.com/storybookjs/storybook/pull/34736), thanks @​yatishgoel! - Next Vite: Bump vite-plugin-storybook-nextjs to ^3.3.0 - [#​34838](https://redirect.github.com/storybookjs/storybook/pull/34838), thanks @​yatishgoel! - Open Service: Add `internal` property to control visibility - [#​35057](https://redirect.github.com/storybookjs/storybook/pull/35057), thanks @​JReinhold! - Open Service: Add schema-driven service runtime - [#​34860](https://redirect.github.com/storybookjs/storybook/pull/34860), thanks @​JReinhold! - Open Service: Add sync between server, manager and preview - [#​35017](https://redirect.github.com/storybookjs/storybook/pull/35017), thanks @​ndelangen! - Open Service: Call remote commands in load functions - [#​35106](https://redirect.github.com/storybookjs/storybook/pull/35106), thanks @​JReinhold! - Open Service: Fix docgen hot update controls refresh - [#​35158](https://redirect.github.com/storybookjs/storybook/pull/35158), thanks @​JReinhold! - Open Service: Fix reactivity on deep signals, fire subscribers on load dependencies - [#​34979](https://redirect.github.com/storybookjs/storybook/pull/34979), thanks @​JReinhold! - Open Service: Implement service registration on the server - [#​34875](https://redirect.github.com/storybookjs/storybook/pull/34875), thanks @​JReinhold! - Open Service: Implement service registration on the server (attempt 2) - [#​34961](https://redirect.github.com/storybookjs/storybook/pull/34961), thanks @​JReinhold! - Open Service: Introduce query states (loading/error/success) - [#​35214](https://redirect.github.com/storybookjs/storybook/pull/35214), thanks @​JReinhold! - Open Service: Load static query snapshots in browser builds - [#​35154](https://redirect.github.com/storybookjs/storybook/pull/35154), thanks @​JReinhold! - Open Service: Mark module-graph engine commands as internal - [#​35144](https://redirect.github.com/storybookjs/storybook/pull/35144), thanks @​JReinhold! - Open Service: Split story docs from docgen service - [#​35169](https://redirect.github.com/storybookjs/storybook/pull/35169), thanks @​JReinhold! - Open Service: Sync queries, load/loaded() API, strict reader handlers - [#​34932](https://redirect.github.com/storybookjs/storybook/pull/34932), thanks @​JReinhold! - Open Service: Type getService for core services per runtime - [#​35242](https://redirect.github.com/storybookjs/storybook/pull/35242), thanks @​JReinhold! - Preview: Preserve @​ts-expect-error in web-component and vue preview - [#​34839](https://redirect.github.com/storybookjs/storybook/pull/34839), thanks @​brentswisher! - Preview: Preserve primitive args for non-ReactNode other types - [#​35088](https://redirect.github.com/storybookjs/storybook/pull/35088), thanks @​TheSeydiCharyyev! - Preview: Restore iframe scrolling after resizing the layout - [#​35310](https://redirect.github.com/storybookjs/storybook/pull/35310), thanks @​yatishgoel! - Preview: Use width/height instead of min-* in CanvasWrap - [#​35056](https://redirect.github.com/storybookjs/storybook/pull/35056), thanks @​DevLikhith5! - Pseudo States: Keep combinator broad pseudo selectors valid - [#​35060](https://redirect.github.com/storybookjs/storybook/pull/35060), thanks @​mturac! - Pseudo States: Preserve URL globals on story change - [#​35211](https://redirect.github.com/storybookjs/storybook/pull/35211), thanks @​Sidnioulz! - React Native: Remove babel deps from RN setup (not needed) - [#​35243](https://redirect.github.com/storybookjs/storybook/pull/35243), thanks @​dannyhw! - React: Add an optional TypeScript peer to react-vite - [#​34627](https://redirect.github.com/storybookjs/storybook/pull/34627), thanks @​wojtekmaj! - React: Align react-docgen versions - [#​35271](https://redirect.github.com/storybookjs/storybook/pull/35271), thanks @​Sidnioulz! - React: Fix subcomponent prop extraction without JSX usage - [#​35107](https://redirect.github.com/storybookjs/storybook/pull/35107), thanks @​JReinhold! - React: Render boolean props set to false in source snippets - [#​34968](https://redirect.github.com/storybookjs/storybook/pull/34968), thanks @​valentinpalkovic! - Review: Dynamic thumbnail scaling based on content dimensions - [#​35282](https://redirect.github.com/storybookjs/storybook/pull/35282), thanks @​ghengeveld! - Review: Fix accessibility/UX issues in the review UI - [#​35398](https://redirect.github.com/storybookjs/storybook/pull/35398), thanks @​Sidnioulz! - Review: Fix inaccurate review story counts in sidebar - [#​35391](https://redirect.github.com/storybookjs/storybook/pull/35391), thanks @​ghengeveld! - Review: Improve review thumbnail scaling and loading UX - [#​35335](https://redirect.github.com/storybookjs/storybook/pull/35335), thanks @​ghengeveld! - Review: Notify on review arrival instead of auto-navigating - [#​35276](https://redirect.github.com/storybookjs/storybook/pull/35276), thanks @​ghengeveld! - Review: Simplify layout handling - [#​35322](https://redirect.github.com/storybookjs/storybook/pull/35322), thanks @​ghengeveld! - Tanstack: Export `TanStackPreview` from `@storybook/tanstack-react` to unblock CSF Next typing - [#​34949](https://redirect.github.com/storybookjs/storybook/pull/34949), thanks @​copilot-swe-agent! - TanStack: Normalize route-group handling in createRoute mock - [#​34948](https://redirect.github.com/storybookjs/storybook/pull/34948), thanks @​copilot-swe-agent! - Tanstack: Remove Outlet mock - [#​35010](https://redirect.github.com/storybookjs/storybook/pull/35010), thanks @​huang-julien! - Tanstack: Supply id OR path when using RouteOptions for route mock - [#​34950](https://redirect.github.com/storybookjs/storybook/pull/34950), thanks @​copilot-swe-agent! - Telemetry: Preserve state machine when the module loads more than once - [#​35140](https://redirect.github.com/storybookjs/storybook/pull/35140), thanks @​kasperpeulen! - Telemetry: Prevent pnpm paths from leaking into framework.name - [#​35345](https://redirect.github.com/storybookjs/storybook/pull/35345), thanks @​Sidnioulz! - Test: Move @​testing-library/dom to dependencies - [#​34604](https://redirect.github.com/storybookjs/storybook/pull/34604), thanks @​XionWCFM! - UI: Allow manager-head favicon override - [#​34809](https://redirect.github.com/storybookjs/storybook/pull/34809), thanks @​MukundaKatta! - UI: Fix args not preserved in isolation mode - [#​35055](https://redirect.github.com/storybookjs/storybook/pull/35055), thanks @​sijie-Z! - UI: Hide onboarding menu with feature flag - [#​35299](https://redirect.github.com/storybookjs/storybook/pull/35299), thanks @​Sidnioulz! - Viewport: Highlight toolbar button when custom viewport is active - [#​35075](https://redirect.github.com/storybookjs/storybook/pull/35075), thanks @​derinbarutcu17! - Viewport: Warn when legacy `defaultViewport` parameter is used - [#​35087](https://redirect.github.com/storybookjs/storybook/pull/35087), thanks @​yatishgoel! - Vitest: Reset playwright cursor position to avoid hover bug - [#​34765](https://redirect.github.com/storybookjs/storybook/pull/34765), thanks @​Sidnioulz! - Vue: Ensure vue-component-meta runs in post - [#​34976](https://redirect.github.com/storybookjs/storybook/pull/34976), thanks @​Sidnioulz! - Vue: Fix Unicode Default Values In Docs - [#​34909](https://redirect.github.com/storybookjs/storybook/pull/34909), thanks @​Arunsiva003! - Vue: Use AST to inject __docgenInfo correctly - [#​35201](https://redirect.github.com/storybookjs/storybook/pull/35201), thanks @​Sidnioulz! - Webpack: Gate lazy-compilation import pipeline on webpack version - [#​34931](https://redirect.github.com/storybookjs/storybook/pull/34931), thanks @​copilot-swe-agent!
tailwindlabs/tailwindcss (@​tailwindcss/vite)

v4.3.2

Compare Source

Fixed
  • Support bare spacing values for auto-rows-* and auto-cols-* utilities (e.g. auto-rows-12 and auto-cols-16) (#​20229)
  • Prevent @tailwindcss/cli in --watch mode from crashing on Windows when @source points to a directory that doesn't exist (#​20242)
  • Prevent @tailwindcss/vite from crashing in Deno v2.8.x when context.parentURL is not a valid URL (#​20245)
  • Ensure @tailwindcss/cli in --watch mode rebuilds when the input CSS file changes in an ignored directory (#​20246)
  • Allow @variant rules used in addBase(…) to use custom variants defined later (#​20247)
  • Prevent @tailwindcss/vite from crashing during HMR when scanned files or directories are deleted (#​20259)
  • Generate font-size instead of color declarations for text-[--spacing(…)] (#​20260)
  • Prevent @source patterns from scanning unrelated sibling files and folders (#​20263)
  • Extract class candidates adjacent to Template Toolkit delimiters like %]…[% in .tt, .tt2, and .tx files (#​20269)
  • Extract class candidates from conditional Maud syntax like p.text-black[condition] (#​20269)
  • Prevent @position-try rules from triggering unknown at-rule warnings when optimizing CSS (#​20277)
  • Support class suggestions for named opacity modifiers from --opacity theme values (#​20287)
  • Prevent type errors in @tailwindcss/postcss when used with newer PostCSS patch releases (#​20289)
vitest-dev/vitest (@​vitest/browser-playwright)

v4.1.10

Compare Source

   🐞 Bug Fixes
    View changes on GitHub
actions/cache (actions/cache)

v5.1.0

Compare Source

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

docker/build-push-action (docker/build-push-action)

v7.3.0

Compare Source

docker/login-action (docker/login-action)

v4.4.0

Compare Source

v4.3.0

Compare Source

Full Changelog: docker/login-action@v4.2.0...v4.3.0

github/codeql-action (github/codeql-action)

v4.37.0

Compare Source

  • Update default CodeQL bundle version to 2.26.0. #​3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@​ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #​3973

v4.36.3

Compare Source

No user facing changes.

evilmartians/lefthook (lefthook)

v2.1.10

Compare Source

lucide-icons/lucide (lucide-solid)

v1.24.0: Version 1.24.0

Compare Source

What's Changed

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from dsm23 as a code owner June 25, 2026 02:14
@github-actions

github-actions Bot commented Jun 25, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/docker/build-push-action 53b7df96c91f9c12dcc8a07bcb9ccacbed38856a 🟢 7.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 9security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 10SAST tool is run on all commits
actions/docker/login-action af1e73f918a031802d376d3c8bbc3fe56130a9b0 🟢 8.6
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 9security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
actions/step-security/harden-runner bf7454d06d71f1098171f2acdf0cd4708d7b5920 🟢 7.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1013 out of 13 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1023 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities⚠️ 010 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif 99df26d4f13ea111d4ec1a7dddef6063f76b97e9 UnknownUnknown
actions/step-security/harden-runner bf7454d06d71f1098171f2acdf0cd4708d7b5920 🟢 7.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1013 out of 13 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1023 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities⚠️ 010 existing vulnerabilities detected
actions/step-security/harden-runner bf7454d06d71f1098171f2acdf0cd4708d7b5920 🟢 7.9
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
CI-Tests🟢 1013 out of 13 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 10all changesets reviewed
Contributors🟢 6project has 2 contributing companies or organizations -- score normalized to 6
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1023 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 10SAST tool is run on all commits
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Vulnerabilities⚠️ 010 existing vulnerabilities detected
actions/zizmorcore/zizmor-action 192e21d79ab29983730a13d1382995c2307fbcaa UnknownUnknown
npm/@axe-core/playwright 4.12.1 🟢 6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 1branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@commitlint/cli 21.2.1 🟢 4.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 1/6 approved changesets -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@commitlint/config-conventional 21.2.0 🟢 4.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 1/6 approved changesets -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@commitlint/types 21.2.0 🟢 4.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 1/6 approved changesets -- score normalized to 1
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@kobalte/core 0.13.12 UnknownUnknown
npm/@storybook/addon-docs 10.5.0 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/addon-links 10.5.0 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@storybook/addon-vitest 10.5.0 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/@tailwindcss/vite 4.3.2 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 5/28 approved changesets -- score normalized to 1
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@types/node 25.9.5 🟢 6.6
Details
CheckScoreReason
Code-Review🟢 9Found 28/30 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
npm/@vitest/browser-playwright 4.1.10 UnknownUnknown
npm/@vitest/coverage-v8 4.1.10 UnknownUnknown
npm/lefthook 2.1.10 🟢 5.2
Details
CheckScoreReason
Maintained🟢 1028 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 2Found 7/29 approved changesets -- score normalized to 2
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST🟢 10SAST tool is run on all commits
npm/lucide-solid 1.24.0 🟢 3.4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 7Found 18/25 approved changesets -- score normalized to 7
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 9license file detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
npm/oxfmt 0.58.0 UnknownUnknown
npm/solid-js 1.9.14 🟢 5.9
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 4Found 8/18 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/storybook 10.5.0 🟢 7.2
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests🟢 1011 out of 11 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices⚠️ 0no badge detected
Code-Review🟢 79 out of last 12 changesets reviewed before merge -- score normalized to 7
Contributors🟢 1042 different organizations found -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Dependency-Update-Tool🟢 10update tool detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Maintained🟢 1030 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging⚠️ -1no published package detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Vulnerabilities🟢 10no vulnerabilities detected
npm/storybook-solidjs-vite 10.6.0 UnknownUnknown
npm/tailwindcss 4.3.2 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Code-Review⚠️ 1Found 5/28 approved changesets -- score normalized to 1
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/vite 8.1.4 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 5Found 14/27 approved changesets -- score normalized to 5
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 5detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 4binaries present in source code
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/vitest 4.1.10 UnknownUnknown

Scanned Files

  • .github/workflows/docker.yml
  • .github/workflows/scorecard.yml
  • .github/workflows/zizmor.yml
  • package.json

@mergify

mergify Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Merge Protections

🟢 All 3 merge protections satisfied — ready to merge.

Show 3 satisfied protections

🟢 Do not merge outdated PRs

Make sure PRs are almost up to date before merging

  • #commits-behind = 0

🟢 Enforce conventional commit

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

  • title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 🚦 Auto-queue

When all merge protections are satisfied, this pull request will be queued automatically.

@github-actions

github-actions Bot commented Jun 25, 2026

Copy link
Copy Markdown

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 4.6% (🎯 2%)
🟰 ±0%
7 / 152
🔵 Statements 3.8% (🎯 2%)
🟰 ±0%
7 / 184
🔵 Functions 3.79% (🎯 2%)
🟰 ±0%
3 / 79
🔵 Branches 2.5% (🎯 2%)
🟰 ±0%
1 / 40
File Coverage
File Stmts Branches Functions Lines Uncovered Lines
Unchanged Files
src/app.tsx 0% 0% 0% 0% 22-52
src/entry-client.tsx 0% 0% 0% 0% 4
src/entry-server.tsx 0% 0% 0% 0% 5-27
src/components/Counter.tsx 0% 0% 0% 0% 3-13
src/components/Nav.tsx 0% 0% 0% 0% 3-21
src/components/theme-switcher/index.tsx 0% 0% 0% 0% 20-73
src/components/ui/dropdown-menu.tsx 0% 0% 0% 0% 7-280
src/components/ui/button/index.tsx 100% 50% 100% 100%
src/lib/utils/index.ts 100% 100% 100% 100%
src/middleware/index.ts 0% 0% 0% 0% 5-32
src/routes/[...404].tsx 0% 0% 0% 0% 3-31
src/routes/about.tsx 0% 0% 0% 0% 4-31
src/routes/index.tsx 0% 0% 0% 0% 438-496
Generated in workflow #751 for commit 70165fd by the Vitest Coverage Report Action

mergify[bot]
mergify Bot previously approved these changes Jun 25, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

@renovate renovate Bot changed the title chore(deps): update all non-major dependencies chore(deps): update zizmorcore/zizmor-action action to v0.5.7 Jun 25, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch from 79f7065 to 536ff36 Compare June 25, 2026 13:58
@renovate renovate Bot changed the title chore(deps): update zizmorcore/zizmor-action action to v0.5.7 chore(deps): update all non-major dependencies Jun 25, 2026
mergify[bot]
mergify Bot previously approved these changes Jun 25, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

@renovate renovate Bot force-pushed the renovate/all-non-major branch 4 times, most recently from d79b1c7 to 861b866 Compare July 1, 2026 23:48
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Jul 1, 2026
@renovate renovate Bot force-pushed the renovate/all-non-major branch 6 times, most recently from 054863f to bf7c5d0 Compare July 4, 2026 18:00
mergify[bot]
mergify Bot previously approved these changes Jul 4, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 5, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 5, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

@renovate renovate Bot force-pushed the renovate/all-non-major branch from f20a393 to 27addff Compare July 5, 2026 13:54
mergify[bot]
mergify Bot previously approved these changes Jul 5, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 6, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 9, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 9, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 10, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 11, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 11, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 12, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

mergify[bot]
mergify Bot previously approved these changes Jul 12, 2026

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approving renovate[bot]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants