chore: fix 30 of 31 security advisories in devDependencies

- Upgrade Storybook v7 → v10 (resolves critical Handlebars injection,
  clears lodash/tar/minimatch chains from the webpack5 builder)
- Upgrade rollup v1 → v4 + migrate to @rollup/plugin-* (resolves DOM
  clobbering and path traversal advisories)
- Upgrade rimraf v3 → v5 (drops old glob → minimatch chain)
- Add yarn resolutions to force patched versions of: handlebars, lodash,
  flatted, yaml, serialize-javascript, picomatch
- Exclude src/stories from main tsconfig; add tsconfig.storybook.json
  with moduleResolution:bundler for Storybook v10 type compat

Audit: 213 paths (31 advisories) → 1 path (1 low advisory).
Published package is unaffected — zero runtime dependencies.

Author: iamdarshshah

.eslintrc.js

@@ -18,6 +18,7 @@ module.exports = {
     'plugin:@typescript-eslint/recommended',
     'plugin:@typescript-eslint/recommended-requiring-type-checking',
     'prettier',
+    'plugin:storybook/recommended',
   ],
   settings: {
     react: {

.storybook/main.ts

@@ -5,7 +5,7 @@ const config: StorybookConfig = {
     '../src/**/*.stories.@(js|jsx|ts|tsx)',
     '../src/stories/stories.tsx',
   ],
-  addons: ['@storybook/addon-essentials'],
+  addons: ['@storybook/addon-docs'],
   framework: {
     name: '@storybook/react-webpack5',
     options: {},

package.json

@@ -53,9 +53,8 @@
     "@babel/preset-react": "^7.28.5",
     "@babel/preset-typescript": "^7.28.5",
     "@size-limit/preset-small-lib": "^12.0.1",
-    "@storybook/addon-essentials": "^7.6.0",
-    "@storybook/react": "^7.6.0",
-    "@storybook/react-webpack5": "^7.6.0",
+    "@storybook/react": "^10.3.5",
+    "@storybook/react-webpack5": "^10.3.5",
     "@testing-library/react": "^12.1.5",
     "@types/jest": "^29.5.14",
     "@types/react": "^17.0.0",
@@ -74,14 +73,16 @@
     "prettier": "^2.8.0",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
-    "rimraf": "^3.0.0",
-    "rollup": "^1.26.3",
-    "rollup-plugin-node-resolve": "^5.2.0",
-    "rollup-plugin-typescript2": "^0.25.2",
+    "@rollup/plugin-node-resolve": "^15.0.0",
+    "@rollup/plugin-typescript": "^11.0.0",
+    "rimraf": "^5.0.0",
+    "rollup": "^4.0.0",
     "size-limit": "^12.0.1",
-    "storybook": "^7.6.0",
+    "storybook": "^10.3.5",
     "ts-jest": "^29.4.6",
-    "typescript": "^4.9.0"
+    "typescript": "^4.9.0",
+    "eslint-plugin-storybook": "10.3.5",
+    "@storybook/addon-docs": "^10.3.5"
   },
   "dependencies": {
     "throttle-debounce": "^2.1.0"
@@ -96,6 +97,14 @@
       "limit": "6 kB"
     }
   ],
+  "resolutions": {
+    "picomatch": ">=2.3.2",
+    "handlebars": ">=4.7.9",
+    "lodash": ">=4.17.23",
+    "flatted": ">=3.4.2",
+    "yaml": ">=2.8.3",
+    "serialize-javascript": ">=7.0.5"
+  },
   "lint-staged": {
     "*.{js,css,json,md}": [
       "prettier --write"

rollup.config.js

@@ -1,6 +1,7 @@
-import resolve from 'rollup-plugin-node-resolve';
-import typescript from 'rollup-plugin-typescript2';
-import pkg from './package.json';
+import resolve from '@rollup/plugin-node-resolve';
+import typescript from '@rollup/plugin-typescript';
+import { readFileSync } from 'fs';
+const pkg = JSON.parse(readFileSync('./package.json', 'utf-8'));
 export default {
   input: './src/index.tsx',
   output: [
@@ -22,5 +23,5 @@ export default {
     },
   ],
   external: [...Object.keys(pkg.peerDependencies || {}), 'react/jsx-runtime'],
-  plugins: [resolve(), typescript({ useTsconfigDeclarationDir: true })],
+  plugins: [resolve(), typescript()],
 };

tsconfig.json

@@ -6,23 +6,23 @@
     "lib": [
       "ES2019",
       "DOM"
-    ], /* Specify library files to be included in the compilation. */
+    ] /* Specify library files to be included in the compilation. */,
     // "allowJs": true,                       /* Allow javascript files to be compiled. */
     // "checkJs": true,                       /* Report errors in .js files. */
     "jsx": "react-jsx" /* Specify JSX code generation: 'preserve', 'react-native', or 'react'. */,
     "declaration": true /* Generates corresponding '.d.ts' file. */,
     "declarationDir": "./dist",
-    "declarationMap": true, /* Generates a sourcemap for each corresponding '.d.ts' file. */
-    "sourceMap": true, /* Generates corresponding '.map' file. */
+    "declarationMap": true /* Generates a sourcemap for each corresponding '.d.ts' file. */,
+    "sourceMap": true /* Generates corresponding '.map' file. */,
     // "outFile": "./",                       /* Concatenate and emit output to single file. */
-    "outDir": "./dist", /* Redirect output structure to the directory. */
+    "outDir": "./dist" /* Redirect output structure to the directory. */,
     // "rootDir": "./",                       /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
     // "composite": true,                     /* Enable project compilation */
     // "removeComments": true,                /* Do not emit comments to output. */
     // "noEmit": true,                        /* Do not emit outputs. */
     // "importHelpers": true,                 /* Import emit helpers from 'tslib'. */
     // "downlevelIteration": true,            /* Provide full support for iterables in 'for-of', spread, and destructuring when targeting 'ES5' or 'ES3'. */
-    "isolatedModules": true, /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */
+    "isolatedModules": true /* Transpile each file as a separate module (similar to 'ts.transpileModule'). */,
     /* Strict Type-Checking Options */
     "strict": true /* Enable all strict type-checking options. */,
     "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
@@ -47,7 +47,7 @@
     // "allowSyntheticDefaultImports": true,  /* Allow default imports from modules with no default export. This does not affect code emit, just typechecking. */
     "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
     "skipLibCheck": true,
-    "forceConsistentCasingInFileNames": true,
+    "forceConsistentCasingInFileNames": true
     // "preserveSymlinks": true,              /* Do not resolve the real path of symlinks. */
     /* Source Map Options */
     // "sourceRoot": "",                      /* Specify the location where debugger should locate TypeScript files instead of source locations. */
@@ -64,8 +64,5 @@
     "jest.config.js",
     "rollup.config.js"
   ],
-  "exclude": [
-    "node_modules",
-    "dist"
-  ]
-}
+  "exclude": ["node_modules", "dist", "src/stories"]
+}

tsconfig.storybook.json

@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "moduleResolution": "bundler",
+    "noEmit": true
+  },
+  "include": ["src/stories/**/*", ".storybook/**/*"]
+}