Skip to content

fix(deps): bump vite and storybook for security [FEC-769]#3231

Closed
misama-ct wants to merge 1 commit into
mainfrom
security/dev-dep-bumps-fec-769
Closed

fix(deps): bump vite and storybook for security [FEC-769]#3231
misama-ct wants to merge 1 commit into
mainfrom
security/dev-dep-bumps-fec-769

Conversation

@misama-ct
Copy link
Copy Markdown
Contributor

@misama-ct misama-ct commented Apr 10, 2026
edited by atlassian Bot
Loading

Summary

Bump dev dependencies to resolve Dependabot security alerts (Category 2 of 3):

  • vite 6.4.1 → 6.4.2 — resolves 3 high + 3 medium alerts (arbitrary file read via WebSocket)
  • storybook ^8.6.15 → ^8.6.18 — resolves 1 high alert (WebSocket hijacking)
  • All @storybook/* addons bumped to ^8.6.18

Consumer API impact

None. These are dev-only dependencies (storybook and visual-testing-app workspaces).

Test plan

  • CI passes (lint, unit tests, build)
  • Visual regression tests pass
  • Storybook builds and starts correctly

Part of FEC-769

🤖 Generated with Claude Code

@misama-ct @claude
fix(deps): bump vite and storybook for security [FEC-769]
9fe5c66 
Bump dev dependencies to resolve Dependabot security alerts:
- vite 6.4.1 → 6.4.2 (CVE-2026-39410, arbitrary file read via WebSocket)
- storybook ^8.6.15 → ^8.6.18 (WebSocket hijacking vulnerability)
- All @storybook/* addons bumped to ^8.6.18

Dev-only changes, no consumer API impact.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@misama-ct misama-ct requested a review from a team as a code owner April 10, 2026 07:34
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 10, 2026

⚠️ No Changeset found

Latest commit: 9fe5c66

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 10, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ui-kit Ready Ready Preview, Comment Apr 10, 2026 7:35am

Request Review

@misama-ct
Copy link
Copy Markdown
Contributor Author

misama-ct commented Apr 10, 2026

Moving to PR #3230 (single PR approach)

@misama-ct misama-ct closed this Apr 10, 2026
@misama-ct misama-ct deleted the security/dev-dep-bumps-fec-769 branch April 10, 2026 07:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@misama-ct