Skip to content

Bump semver, react-scripts, @storybook/cli and dependency-cruiser#7

Open
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/multi-50c699221b
Open

Bump semver, react-scripts, @storybook/cli and dependency-cruiser#7
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/npm_and_yarn/multi-50c699221b

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Feb 5, 2026

Bumps semver to 5.7.2 and updates ancestor dependencies semver, react-scripts, @storybook/cli and dependency-cruiser. These dependencies need to be updated together.

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates semver from 6.3.0 to 6.3.1

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates semver from 5.7.0 to 5.7.0

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

  • Add version coercion capabilities

5.4

  • Add intersection checking

5.3

  • Add minSatisfying method

5.2

  • Add prerelease(v) that returns prerelease components

5.1

  • Add Backus-Naur for ranges
  • Remove excessively cute inspection methods

5.0

  • Remove AMD/Browserified build artifacts
  • Fix ltr and gtr when using the * range
  • Fix for range * with a prerelease identifier
Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Updates react-scripts from 3.3.1 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.4

or

yarn add --exact react-scripts@3.4.4

3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.3

or

yarn add --exact react-scripts@3.4.3

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.1 to 3.4.2

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.2

or

... (truncated)

Commits

Updates @storybook/cli from 5.3.13 to 10.2.6

Release notes

Sourced from @​storybook/cli's releases.

v10.2.6

10.2.6

v10.2.5

10.2.5

v10.2.4

10.2.4

v10.2.3

10.2.3

  • Addon-Vitest: Normalize Windows paths in addon-vitest automigration - #33340, thanks @​tanujbhaud!
  • Core: Fix `previewHref` when current path does not end with a slash - #33647, thanks @​ghengeveld!

v10.2.2

10.2.2

v10.2.1

10.2.1

v10.2.0

10.2.0

... (truncated)

Changelog

Sourced from @​storybook/cli's changelog.

10.2.6

10.2.5

10.2.4

10.2.3

  • Addon-Vitest: Normalize Windows paths in addon-vitest automigration - #33340, thanks @​tanujbhaud!
  • Core: Fix previewHref when current path does not end with a slash - #33647, thanks @​ghengeveld!

10.2.2

10.2.1

10.2.0

Improved UI and story authoring ergonomics

Storybook 10.2 contains hundreds of fixes and improvement including:

  • 💅 New Viewports and Zoom UI
  • 🏭 Typesafe CSF factories for Vue, Angular, Web Components (preview)

... (truncated)

Commits
  • cc0d1f9 Bump version from "10.2.5" to "10.2.6" [skip ci]
  • 9b895ec Merge pull request #33718 from storybookjs/valentin/bundle-addon-vitest-posti...
  • 1053c2a Bump version from "10.2.4" to "10.2.5" [skip ci]
  • 8e2b782 Bump version from "10.2.3" to "10.2.4" [skip ci]
  • 1f194b1 Merge pull request #33673 from storybookjs/fix-csf-factory-preview-no-exports
  • 92ce460 Merge pull request #33645 from storybookjs/fix-csf-import-comments
  • fe31daf Merge pull request #33648 from storybookjs/kasper/csf-factories-non-interacti...
  • d959d6c Bump version from "10.2.2" to "10.2.3" [skip ci]
  • e367333 Bump version from "10.2.1" to "10.2.2" [skip ci]
  • acf2b44 Bump version from "10.2.0" to "10.2.1" [skip ci]
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​storybook/cli since your current version.


Updates dependency-cruiser from 7.2.0 to 17.3.7

Release notes

Sourced from dependency-cruiser's releases.

v17.3.7

🐛 fixes

  • a0955cd3 fix(analyze): also analyzes dependents when --reaches or --focus are the only reason to do so - thanks @​drewcpage for raising the issue that led to this fix!

👷 maintenance

  • 1289ed68 build(npm): updates external dependencies
  • d993ebdc refactor(config-utl): de-anonymize the one remaining anonymous function export
  • 817b8706 refactor: renames code in the analysis step to 'analyze'

🧹 chores

  • 67d16af4 chore: adds an override to prevent a transitive dependency from emitting annoying messages while our tests are running
  • 4af00554 chore(npm): updates external devDependencies
  • e166a58e chore(ci): moves workflow permissions to individual jobs
  • c6e7a856 chore(codeql): excludes generated validation code from scrutiny

v17.3.6

🐛 fixes

  • cd6fe3af fix(report/dot): makes the dot 'flat' reporter respect collapse patterns

🧑‍🏭 refactoring

  • d58c78ad/ e884b1e1/ 58c01d1d/ refactor: replace memoize with internal Maps (#1040)
  • 464388c0 refactor(cache): uses more appropriate Set for remembering which cache contexts were initialized
  • a4a7a807 refactor(report/teamcity): passes the flowId instead of memoizing it

📖 documentation

  • 9ca0ab0b doc: various updates to type annotations
  • f3648f61 doc(cli): refreshes the documentation of the configuration scaffolding template
  • 1b12e61a doc(cli): documents the 'ndjson' logging/ progress format
  • cd52da95 doc(cli): updates progress performance-log sample
  • 54becb36 doc(report/teamcity): uses same filename pattern for typedefs as used elsewhere in the src tree

👷 maintenance

  • 64d42f95 chore(npm): updates external devDependencies
  • a3a41f16 chore: tweaks dependency-cruiser configuration
  • f924f5c5 chore(LICENSE): 2026
  • 0a82fc36 chore(main): logs the 'report from cache' step as part of the 'report' step
  • 60981148 chore(ci): uses content based cache strategy as it's faster for our self-scan
  • f9b8565e chore(ci): updates known violations
  • 120cc755 chore(progress): adds runId and user & system totals to the ndjson listener output

v17.3.5

👷 maintenance

  • 2c72a14f perf(enrich/orphan): optimizes the data structure it exercises upon (#1037)
  • c80252ed perf(enrich/derive/metrics): only create indexed graph once (#1036)
  • 1dab573d perf(enrich/derive): uses better datastructure for deriving dependents (#1035)

... (truncated)

Commits
  • c9ed5f1 17.3.7
  • 1289ed6 build(npm): updates external dependencies
  • a0955cd fix(analyze): also analyzes dependents when --reaches or --focus are the only...
  • d993ebd refactor(config-utl): de-anonymize the one remaining anonymous function export
  • 67d16af chore: adds an override to prevent a ransitive dependency from emitting annoy...
  • 4af0055 chore(npm): updates external devDependencies
  • 817b870 refactor: renames code in the analysis step to 'analyze'
  • e166a58 chore(ci): moves workflow permissions to individual jobs
  • c6e7a85 chore(codeql): excludes generated validation code from scrutiny
  • 6372494 17.3.6
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dependency-cruiser since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump semver, react-scripts, @storybook/cli and dependency-cruiser
c567dd9 
Bumps [semver](https://github.com/npm/node-semver) to 5.7.2 and updates ancestor dependencies [semver](https://github.com/npm/node-semver), [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts), [@storybook/cli](https://github.com/storybookjs/storybook/tree/HEAD/code/lib/cli-storybook) and [dependency-cruiser](https://github.com/sverweij/dependency-cruiser). These dependencies need to be updated together.


Updates `semver` from 5.7.1 to 5.7.2
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `semver` from 6.3.0 to 6.3.1
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `semver` from 5.7.0 to 5.7.0
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md)
- [Commits](npm/node-semver@v5.7.1...v5.7.2)

Updates `react-scripts` from 3.3.1 to 5.0.1
- [Release notes](https://github.com/facebook/create-react-app/releases)
- [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-3.x.md)
- [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts)

Updates `@storybook/cli` from 5.3.13 to 10.2.6
- [Release notes](https://github.com/storybookjs/storybook/releases)
- [Changelog](https://github.com/storybookjs/storybook/blob/next/CHANGELOG.md)
- [Commits](https://github.com/storybookjs/storybook/commits/v10.2.6/code/lib/cli-storybook)

Updates `dependency-cruiser` from 7.2.0 to 17.3.7
- [Release notes](https://github.com/sverweij/dependency-cruiser/releases)
- [Changelog](https://github.com/sverweij/dependency-cruiser/blob/main/CHANGELOG.md)
- [Commits](sverweij/dependency-cruiser@v7.2.0...v17.3.7)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 5.7.2
  dependency-type: indirect
- dependency-name: semver
  dependency-version: 6.3.1
  dependency-type: indirect
- dependency-name: semver
  dependency-version: 5.7.0
  dependency-type: indirect
- dependency-name: react-scripts
  dependency-version: 5.0.1
  dependency-type: direct:production
- dependency-name: "@storybook/cli"
  dependency-version: 10.2.6
  dependency-type: direct:development
- dependency-name: dependency-cruiser
  dependency-version: 17.3.7
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants