Bump serialize-javascript, webpack, @storybook/html and @rollup/plugin-terser

[dependabot]

Bumps serialize-javascript to 7.0.5 and updates ancestor dependencies serialize-javascript, webpack, @storybook/html and @rollup/plugin-terser. These dependencies need to be updated together.

Updates serialize-javascript from 6.0.2 to 7.0.5

Release notes

Sourced from serialize-javascript's releases.

v7.0.5

Fixes

• Improve robustness and validation for array-like object serialization.
• Fix an issue where certain object structures could lead to excessive CPU usage.

For more details, please see GHSA-qj8w-gfj5-8c6v.

v7.0.4

What's Changed

• release: v7.0.4 by @​okuryu in yahoo/serialize-javascript#211

Full Changelog: yahoo/serialize-javascript@v7.0.3...v7.0.4

v7.0.3

• fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207) 2e609d0
• build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206) 42b7cdb

---

yahoo/serialize-javascript@v7.0.2...v7.0.3

v7.0.2

What's Changed

• ci: bump GitHub Actions to latest versions by @​okuryu in yahoo/serialize-javascript#203
• ci: setup trusted publishing workflow by @​okuryu in yahoo/serialize-javascript#204
• release: v7.0.2 by @​okuryu in yahoo/serialize-javascript#205

Full Changelog: yahoo/serialize-javascript@v7.0.1...v7.0.2

v7.0.1

What's Changed

• Add warning about using this package to send arbitrary data to worker threads by @​valadaptive in yahoo/serialize-javascript#200
• security: sanitize function bodies by @​redonkulus in yahoo/serialize-javascript#199
• docs: tweak README by @​okuryu in yahoo/serialize-javascript#201
• release: v7.0.1 by @​okuryu in yahoo/serialize-javascript#202

New Contributors

• @​redonkulus made their first contribution in yahoo/serialize-javascript#199

Full Changelog: yahoo/serialize-javascript@v7.0.0...v7.0.1

v7.0.0

Breaking Changes

• requires Node.js v20+

What's Changed

• Bump mocha from 10.2.0 to 10.4.0 by @​dependabot[bot] in yahoo/serialize-javascript#178

... (truncated)

Commits

• df3f1c1 release: v7.0.5
• f147e90 Merge commit from fork
• eec32e0 release: v7.0.4
• d505715 7.0.3
• 2e609d0 fix(CVE-2020-7660): fix for RegExp.flags and Date.prototype.toISOString (#207)
• 42b7cdb build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#206)
• 44f544b release: v7.0.2 (#205)
• bba0ddd ci: setup trusted publishing workflow (#204)
• 235f6ea ci: bump GitHub Actions to latest versions (#203)
• f7fff15 release: v7.0.1 (#202)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for serialize-javascript since your current version.

Updates webpack from 4.47.0 to 5.105.4

Release notes

Sourced from webpack's releases.

v5.105.4

Patch Changes

• Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

• Handle createRequire in expressions. (by @​alexander-akait in #20549)

• Fixed types for multi stats. (by @​alexander-akait in #20556)

• Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

• Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

• Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

v5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

v5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

v5.105.1

Patch Changes

... (truncated)

Changelog

Sourced from webpack's changelog.

5.105.4

Patch Changes

• Add Module.getSourceBasicTypes to distinguish basic source types and clarify how modules with non-basic source types like remote still produce JavaScript output. (by @​xiaoxiaojx in #20546)

• Handle createRequire in expressions. (by @​alexander-akait in #20549)

• Fixed types for multi stats. (by @​alexander-akait in #20556)

• Remove empty needless js output for normal css module. (by @​JSerFeng in #20162)

• Update enhanced-resolve to support new features for tsconfig.json. (by @​alexander-akait in #20555)

• Narrows export presence guard detection to explicit existence checks on namespace imports only, i.e. patterns like "x" in ns. (by @​hai-x in #20561)

5.105.3

Patch Changes

• Context modules now handle rejections correctly. (by @​alexander-akait in #20455)

• Only mark asset modules as side-effect-free when experimental.futureDefaults is set to true, so asset-copying use cases (e.g. import "./x.png") won’t break unless the option is enabled. (by @​hai-x in #20535)

• Add the missing webpack_exports declaration in certain cases when bundling a JS entry together with non-JS entries (e.g., CSS entry or asset module entry). (by @​hai-x in #20463)

• Fixed HMR failure for CSS modules with @​import when exportType !== "link". When exportType is not "link", CSS modules now behave like JavaScript modules and don't require special HMR handling, allowing @​import CSS to work correctly during hot module replacement. (by @​xiaoxiaojx in #20514)

• Fixed an issue where empty JavaScript files were generated for CSS-only entry points. The code now correctly checks if entry modules have JavaScript source types before determining whether to generate a JS file. (by @​xiaoxiaojx in #20454)

• Do not crash when a referenced chunk is not a runtime chunk. (by @​alexander-akait in #20461)

• Fix some types. (by @​alexander-akait in #20412)

• Ensure that missing module error are thrown after the interception handler (if present), allowing module interception to customize the module factory. (by @​hai-x in #20510)

• Added createRequire support for ECMA modules. (by @​stefanbinoj in #20497)

• Added category for CJS reexport dependency to fix issues with ECMA modules. (by @​hai-x in #20444)

• Implement immutable bytes for bytes import attribute to match tc39 spec. (by @​alexander-akait in #20481)

• Fixed deterministic search for graph roots regardless of edge order. (by @​veeceey in #20452)

5.105.2

Patch Changes

• Fixed WebpackPluginInstance type regression. (by @​alexander-akait in #20440)

... (truncated)

Commits

• 27c13b4 chore(release): new release (#20550)
• 9b2f41e chore: bump terser plugin (#20569)
• eafe060 fix: narrow the export presence guard detection (#20561)
• 75d605c refactor: add AppendOnlyStackedSet iteration support and tests (#20560)
• afa607d refactor: remove unused code (#20562)
• 4098902 test: add source files for web-webworker and web-webworker-auto-public-path (...
• f97be67 refactor: fix duplicated word in Compilation JSDoc (#20547)
• 9d76fff refactor: add Module.getSourceBasicTypes for basic JS type detection (#20546)
• a3d7839 fix: types for multi stats (#20556)
• b8e9b05 fix: update enhanced-resolve to support new features for tsconfig.json (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for webpack since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @storybook/html from 6.5.9 to 10.3.3

Release notes

Sourced from @​storybook/html's releases.

v10.3.3

10.3.3

• Addon-Vitest: Streamline vite(st) config detection across init and postinstall - #34193, thanks @​valentinpalkovic!

v10.3.2

10.3.2

• CLI: Shorten CTA link messages - #34236, thanks @​shilman!
• React Native Web: Fix vite8 support by bumping vite-plugin-rnw - #34231, thanks @​dannyhw!

v10.3.1

10.3.1

• CLI: Use npm info to fetch versions in repro command - #34214, thanks @​yannbf!
• Core: Prevent story-local viewport from persisting in URL - #34153, thanks @​ghengeveld!

v10.3.0

10.3.0

> Improved developer experience, AI-assisting tools, and broader ecosystem support

Storybook 10.3 contains hundreds of fixes and improvements including:

• 🤖 Storybook MCP: Agentic component dev, docs, and test (Preview release for React)
• ⚡ Vite 8 support
• ▲ Next.js 16.2 support
• 📝 ESLint 10 support
• 〰️ Addon Pseudo-States: Tailwind v4 support
• 🔧 Addon-Vitest: Simplified configuration - no more setup files required
• ♿ Numerous accessibility improvements across the UI

• A11y: Add ScrollArea prop focusable for when it has static children - #33876, thanks @​Sidnioulz!
• A11y: Ensure popover dialogs have an ARIA label - #33500, thanks @​gayanMatch!
• A11y: Make resize handles for addon panel and sidebar accessible #33980
• A11y: Underline MDX links for WCAG SC 1.4.1 compliance - #33139, thanks @​NikhilChowdhury27!
• Actions: Add expandLevel parameter to configure tree depth - #33977, thanks @​mixelburg!
• Actions: Fix HandlerFunction type to support async callback props - #33864, thanks @​mixelburg!
• Addon-Docs: Add React as optimizeDeps entry - #34176, thanks @​valentinpalkovic!
• Addon-Docs: Add support for `sourceState: 'none'` to canvas block parameters - #33627, thanks @​quisido!
• Addon-docs: Restore `docs.components` overrides for doc blocks #34111
• Addon-Vitest: Add channel API to programmatically trigger test runs - #33206, thanks @​JReinhold!
• Addon-Vitest: Handle additional vitest config export patterns in postinstall - #34106, thanks @​copilot-swe-agent!
• Addon-Vitest: Make Playwright `--with-deps` platform-aware to avoid `sudo` prompt on Linux #34121
• Addon-Vitest: Refactor Vitest setup to eliminate the need for a dedicated setup file - #34025, thanks @​valentinpalkovic!
• Addon-Vitest: Support Vitest canaries - #33833, thanks @​valentinpalkovic!
• Angular: Add moduleResolution: bundler to tsconfig - #34085, thanks @​valentinpalkovic!

... (truncated)

Changelog

Sourced from @​storybook/html's changelog.

10.3.3

• Addon-Vitest: Streamline vite(st) config detection across init and postinstall - #34193, thanks @​valentinpalkovic!

10.3.2

• CLI: Shorten CTA link messages - #34236, thanks @​shilman!
• React Native Web: Fix vite8 support by bumping vite-plugin-rnw - #34231, thanks @​dannyhw!

10.3.1

• CLI: Use npm info to fetch versions in repro command - #34214, thanks @​yannbf!
• Core: Prevent story-local viewport from persisting in URL - #34153, thanks @​ghengeveld!

10.3.0

> Improved developer experience, AI-assisting tools, and broader ecosystem support

Storybook 10.3 contains hundreds of fixes and improvements including:

• 🤖 Storybook MCP: Agentic component dev, docs, and test (Preview release for React)
• ⚡ Vite 8 support
• ▲ Next.js 16.2 support
• 📝 ESLint 10 support
• 〰️ Addon Pseudo-States: Tailwind v4 support
• 🔧 Addon-Vitest: Simplified configuration - no more setup files required
• ♿ Numerous accessibility improvements across the UI

... (truncated)

Commits

• b0acfb4 Bump version from "10.3.2" to "10.3.3" [skip ci]
• 308656f Bump version from "10.3.1" to "10.3.2" [skip ci]
• 24c2c2c Bump version from "10.3.0" to "10.3.1" [skip ci]
• 06cb6a6 Bump version from "10.3.0-beta.3" to "10.3.0" [skip ci]
• 94b9430 Bump version from "10.3.0-beta.2" to "10.3.0-beta.3" [skip ci]
• af5b7de Bump version from "10.3.0-beta.1" to "10.3.0-beta.2" [skip ci]
• a571619 Bump version from "10.3.0-beta.0" to "10.3.0-beta.1" [skip ci]
• 546aece Bump version from "10.3.0-alpha.17" to "10.3.0-beta.0" [skip ci]
• ceda0b4 Bump version from "10.3.0-alpha.16" to "10.3.0-alpha.17" [skip ci]
• 1ed871c Bump version from "10.3.0-alpha.15" to "10.3.0-alpha.16" [skip ci]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​storybook/html since your current version.

Updates @rollup/plugin-terser from 0.4.4 to 1.0.0

Changelog

Sourced from @​rollup/plugin-terser's changelog.

v1.0.0

2026-03-05

Breaking Changes

• terser!: upgrade serialize-javascript to v7 and node to v20 (#1968)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​rollup/plugin-terser since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[changeset-bot]

⚠️ No Changeset found

Latest commit: d2719d9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[netlify]

❌ Deploy Preview for cloudfour-patterns failed.

Name	Link
🔨 Latest commit	d2719d9
🔍 Latest deploy log	https://app.netlify.com/projects/cloudfour-patterns/deploys/69cabba2304cd8000853b8a4