Skip to content

chore: upgrade storybook dependencies#4692

Open
tjuanitas wants to merge 4 commits into
masterfrom
chore-upgrade-storybook
Open

chore: upgrade storybook dependencies#4692
tjuanitas wants to merge 4 commits into
masterfrom
chore-upgrade-storybook

Conversation

@tjuanitas

@tjuanitas tjuanitas commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • New Features
    • Updated the Storybook interface with refreshed colors and improved toolbar controls.
    • Added more reliable handling for streaming responses in Storybook’s request mocking.
    • Included request timing details for intercepted mock requests.
  • Bug Fixes
    • Improved Storybook mock behavior for metadata query sorting.
    • Updated Storybook and visual testing integrations for improved compatibility.
  • Chores
    • Simplified the visual testing workflow configuration.

@tjuanitas tjuanitas requested a review from a team as a code owner July 10, 2026 23:10
@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

Updates Storybook 10 tooling, configuration, theming, and CI naming. The MSW service worker now reports interception timestamps and handles SSE responses without cloning. A metadata visual-story mock directly parses typed order_by data.

Changes

Storybook tooling and build wiring

Layer / File(s) Summary
Storybook tooling and build wiring
.circleci/config.yml, .storybook/main.ts, package.json
Storybook, Chromatic, and MSW packages are upgraded; webpack/i18n imports are updated; and the Chromatic CI job is renamed.

Storybook UI configuration

Layer / File(s) Summary
Storybook UI configuration
.storybook/customTheme.ts, .storybook/manager.ts
Theme colors are revised and two toolbar actions are hidden.

MSW interception and response flow

Layer / File(s) Summary
MSW interception and response flow
.storybook/public/mockServiceWorker.js
Intercepted requests include timestamps, MOCK_DEACTIVATE handling is removed, and SSE response bodies are not cloned before serialization.

Metadata visual-story request parsing

Layer / File(s) Summary
Metadata visual-story request parsing
src/elements/content-explorer/stories/tests/MetadataView-visual.stories.tsx
The metadata mock destructures typed order_by data directly from the request payload.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Browser
  participant mockServiceWorker
  participant StorybookClient
  Browser->>mockServiceWorker: fetch request
  mockServiceWorker->>mockServiceWorker: record interception timestamp
  mockServiceWorker->>StorybookClient: send REQUEST with interceptedAt
  mockServiceWorker->>mockServiceWorker: process response and detect SSE
  mockServiceWorker->>StorybookClient: send RESPONSE with conditional body
Loading

Possibly related PRs

Suggested labels: ready-to-merge

Suggested reviewers: greg-in-a-box, jpan-box, jfox-box

Poem

I’m a rabbit with a Storybook tune,
Upgrading packages beneath the moon.
SSE streams now hop with care,
Timestamps dance through worker air.
Blue themes shine, toolbar bunnies hide—
Clean new builds with carrots inside!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is missing and does not follow the repository's required template. Add the required template content, including the ready-to-merge guidance and any other merge notes required by the repository.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: Storybook dependency upgrades.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore-upgrade-storybook

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@socket-security

socket-security Bot commented Jul 10, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/storybook@10.5.0npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @mswjs/interceptors is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/msw@2.15.0npm/@mswjs/interceptors@0.41.9

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@mswjs/interceptors@0.41.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this file is auto generated

Comment thread .storybook/customTheme.ts

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the update caused the toolbar button colors to not work. so I just copied the theme used in blueprint

Comment thread .storybook/main.ts

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

breaking change for storybook caused the imports to not work

Comment thread .storybook/manager.ts

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

weird type issue appearing

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
src/elements/content-explorer/stories/tests/MetadataView-visual.stories.tsx (1)

324-326: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider a more specific type assertion for order_by.

The assertion as { order_by } leaves order_by implicitly untyped, so order_by[0].direction and order_by[0].field_key get no type checking. The upstream contract (MetadataQueryOrderByClause from src/common/types/metadataQueries.js) defines direction and field_key as required string fields.

♻️ Suggested type improvement
-                    const { order_by } = (await request.clone().json()) as { order_by };
+                    const { order_by } = (await request.clone().json()) as {
+                        order_by: Array<{ direction: string; field_key: string }>;
+                    };
                     const orderByDirection = order_by[0].direction;
                     const orderByFieldKey = order_by[0].field_key;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/elements/content-explorer/stories/tests/MetadataView-visual.stories.tsx`
around lines 324 - 326, Update the request JSON assertion in the relevant mock
handler to type order_by as MetadataQueryOrderByClause[] using the existing type
from metadataQueries.js, then access direction and field_key through that typed
array so both fields receive compile-time validation.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Around line 154-165: Align the Storybook dependency versions by either
upgrading `@storybook/addon-styling-webpack` to a release that explicitly supports
Storybook 10.5.0, or change the Storybook packages such as `@storybook/addon-docs`
and `@storybook/react-webpack5` back to a supported 10.4.x release.

---

Nitpick comments:
In `@src/elements/content-explorer/stories/tests/MetadataView-visual.stories.tsx`:
- Around line 324-326: Update the request JSON assertion in the relevant mock
handler to type order_by as MetadataQueryOrderByClause[] using the existing type
from metadataQueries.js, then access direction and field_key through that typed
array so both fields receive compile-time validation.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1d385f3e-2ac3-45e9-bbf3-f3229187aedc

📥 Commits

Reviewing files that changed from the base of the PR and between b6ebe89 and 1b8e309.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (7)
  • .circleci/config.yml
  • .storybook/customTheme.ts
  • .storybook/main.ts
  • .storybook/manager.ts
  • .storybook/public/mockServiceWorker.js
  • package.json
  • src/elements/content-explorer/stories/tests/MetadataView-visual.stories.tsx

Comment thread package.json
Comment on lines +154 to +165
"@chromatic-com/storybook": "^5.2.1",
"@commitlint/cli": "^19.8.0",
"@commitlint/config-conventional": "^19.8.0",
"@eslint/eslintrc": "^3.1.0",
"@eslint/js": "^9.6.0",
"@formatjs/intl-pluralrules": "^1.5.2",
"@formatjs/intl-relativetimeformat": "^4.5.9",
"@hapi/address": "^2.1.4",
"@storybook/addon-docs": "^9.1.20",
"@storybook/addon-styling-webpack": "^2.0.0",
"@storybook/addon-webpack5-compiler-babel": "^3.0.6",
"@storybook/react-webpack5": "^9.1.20",
"@storybook/addon-docs": "^10.5.0",
"@storybook/addon-styling-webpack": "^3.0.2",
"@storybook/addon-webpack5-compiler-babel": "^4.0.1",
"@storybook/react-webpack5": "^10.5.0",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check installed versions and peer dependency requirements
cat node_modules/storybook/package.json 2>/dev/null | jq '{version, engines, peerDependencies}' || echo "storybook not installed"
cat node_modules/chromatic/package.json 2>/dev/null | jq '{version, engines, peerDependencies}' || echo "chromatic not installed"
cat node_modules/@chromatic-com/storybook/package.json 2>/dev/null | jq '{version, engines, peerDependencies}' || echo "`@chromatic-com/storybook` not installed"
cat node_modules/msw-storybook-addon/package.json 2>/dev/null | jq '{version, engines, peerDependencies}' || echo "msw-storybook-addon not installed"
cat node_modules/storybook-react-intl/package.json 2>/dev/null | jq '{version, engines, peerDependencies}' || echo "storybook-react-intl not installed"
cat node_modules/@storybook/addon-styling-webpack/package.json 2>/dev/null | jq '{version, peerDependencies}' || echo "addon-styling-webpack not installed"
cat node_modules/@storybook/addon-webpack5-compiler-babel/package.json 2>/dev/null | jq '{version, peerDependencies}' || echo "addon-webpack5-compiler-babel not installed"

Repository: box/box-ui-elements

Length of output: 1346


@storybook/addon-styling-webpack needs a Storybook 10.5-compatible release 3.0.2 only declares support through 10.4.0-0, but this bump pulls 10.5.0. Update the addon or keep Storybook on a supported 10.4.x release.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` around lines 154 - 165, Align the Storybook dependency versions
by either upgrading `@storybook/addon-styling-webpack` to a release that
explicitly supports Storybook 10.5.0, or change the Storybook packages such as
`@storybook/addon-docs` and `@storybook/react-webpack5` back to a supported 10.4.x
release.

Source: Learnings

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant