Core: Support esbuild@^0.25 #30574

Merged
merged 1 commit into from
Feb 19, 2025

@JReinhold (Contributor) commented Feb 19, 2025

Closes #30558

Vite doesn't support esbuild@^0.25 yet (vitejs/vite#19389); there's nothing we can do about that. Neither Vite nor Storybook is affected by the vulnerability, but npm audit doesn't know that.

What I did

  • Added esbuild@^0.25 as a supported version in dependencies
  • Upgraded to said version internally in the monorepo

The breaking changes of esbuild don't seem to impact Storybook. Potentially the CSS nesting fixes could impact some addon, but it seems like they are more fixes than breaking changes.


| name | before | after | diff | z | % |
| --- | --- | --- | --- | --- | --- |
| createSize | 0 B | 0 B | 0 B | - | - |
| generateSize | 80.5 MB | 80.5 MB | 0 B | -4.35 | 0% |
| initSize | 80.5 MB | 80.5 MB | 0 B | -4.35 | 0% |
| diffSize | 97 B | 97 B | 0 B | - | 0% |
| buildSize | 7.31 MB | 7.31 MB | 312 B | 66.56 | 0% |
| buildSbAddonsSize | 1.9 MB | 1.9 MB | -380 B | -Infinity | 0% |
| buildSbCommonSize | 195 kB | 195 kB | 0 B | - | 0% |
| buildSbManagerSize | 1.88 MB | 1.88 MB | 692 B | Infinity | 0% |
| buildSbPreviewSize | 0 B | 0 B | 0 B | - | - |
| buildStaticSize | 0 B | 0 B | 0 B | - | - |
| buildPrebuildSize | 3.97 MB | 3.97 MB | 312 B | Infinity | 0% |
| buildPreviewSize | 3.34 MB | 3.34 MB | 0 B | -1.53 | 0% |
| testBuildSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbAddonsSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbCommonSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbManagerSize | 0 B | 0 B | 0 B | - | - |
| testBuildSbPreviewSize | 0 B | 0 B | 0 B | - | - |
| testBuildStaticSize | 0 B | 0 B | 0 B | - | - |
| testBuildPrebuildSize | 0 B | 0 B | 0 B | - | - |
| testBuildPreviewSize | 0 B | 0 B | 0 B | - | - |

| name | before | after | diff | z | % |
| --- | --- | --- | --- | --- | --- |
| createTime | 8s | 7.7s | -304ms | -0.87 | -3.9% |
| generateTime | 18.8s | 19.8s | 968ms | -0.33 | 4.9% |
| initTime | 4.3s | 4.9s | 622ms | 0.29 | 12.6% |
| buildTime | 9s | 9.6s | 555ms | 0.02 | 5.8% |
| testBuildTime | 0ms | 0ms | 0ms | - | - |
| devPreviewResponsive | 5.3s | 5.1s | -182ms | -0.71 | -3.5% |
| devManagerResponsive | 3.9s | 3.9s | 6ms | -0.61 | 0.2% |
| devManagerHeaderVisible | 995ms | 670ms | -325ms | -1.14 | -48.5% |
| devManagerIndexVisible | 1s | 684ms | -327ms | -1.21 | -47.8% |
| devStoryVisibleUncached | 4s | 3.5s | -430ms | -0.66 | -12% |
| devStoryVisible | 1s | 699ms | -350ms | -1.26 | 🔰-50.1% |
| devAutodocsVisible | 942ms | 752ms | -190ms | -0.38 | -25.3% |
| devMDXVisible | 948ms | 712ms | -236ms | -0.81 | -33.1% |
| buildManagerHeaderVisible | 872ms | 824ms | -48ms | 0.36 | -5.8% |
| buildManagerIndexVisible | 958ms | 891ms | -67ms | 0.53 | -7.5% |
| buildStoryVisible | 843ms | 806ms | -37ms | 0.46 | -4.6% |
| buildAutodocsVisible | 775ms | 611ms | -164ms | -0.32 | -26.8% |
| buildMDXVisible | 660ms | 609ms | -51ms | -0.26 | -8.4% |

Greptile Summary

Updates esbuild dependency to version ^0.25.0 across multiple package.json files to address a moderate severity security vulnerability (GHSA-67mh-4wv8-2f99).

  • Updated esbuild to ^0.25.0 in code/core/package.json for both dependencies and devDependencies
  • Updated esbuild to ^0.25.0 in scripts/package.json resolutions and dependencies
  • Updated esbuild to ^0.25.0 in code/package.json resolutions field
  • Note: Vite compatibility with esbuild@^0.25 is pending, but neither Vite nor Storybook is affected by the vulnerability
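
An added example (not part of this PR or of Storybook's code): since Vite does not accept esbuild@^0.25 yet, a consumer's install can hold a hoisted 0.25 copy next to an older copy nested under Vite, and `npm audit` keeps reporting the nested one. The sketch below walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and flags every esbuild copy below 0.25.0; `SAMPLE_LOCK`, its package names and its version numbers are constructed for illustration.

```javascript
// Added example, not Storybook code. SAMPLE_LOCK is constructed for illustration.
const FLOOR = [0, 25, 0]; // the esbuild range this PR adds starts at 0.25.0

function belowFloor(version, floor = FLOOR) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || '');
  if (!m) return true; // unparseable version: flag it for manual review
  const parts = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] < floor[i];
  }
  return false; // exactly at the floor
}

function findEsbuild(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match "node_modules/esbuild" and nested ".../node_modules/esbuild" only.
    if (path !== 'node_modules/esbuild' && !path.endsWith('/node_modules/esbuild')) continue;
    const segments = path.split('node_modules/').filter(Boolean);
    // The segment before "esbuild" is the package (or workspace) that owns this copy.
    const parent = segments.length > 1 ? segments[segments.length - 2].replace(/\/$/, '') : null;
    found.push({ path, version: meta.version, parent, belowFloor: belowFloor(meta.version) });
  }
  return found;
}

// Constructed lockfile: one hoisted copy, one copy nested under vite.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app' },
    'node_modules/esbuild': { version: '0.25.0' },
    'node_modules/vite': { version: '0.0.0-constructed' },
    'node_modules/vite/node_modules/esbuild': { version: '0.24.2' },
    'node_modules/esbuild-register': { version: '0.0.0-constructed' },
  },
};

for (const hit of findEsbuild(SAMPLE_LOCK)) {
  const where = hit.parent ? `nested under ${hit.parent}` : 'hoisted';
  console.log(`${hit.path} ${hit.version} (${where}) ${hit.belowFloor ? 'BELOW 0.25.0' : 'ok'}`);
}
```

The `parent` field shows which dependency has to widen its esbuild range before the nested copy goes away.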

@JReinhold self-assigned this Feb 19, 2025
@JReinhold added the dependencies, patch:yes, security and ci:normal labels Feb 19, 2025

nx-cloud bot commented Feb 19, 2025

View your CI Pipeline Execution ↗ for commit 26843e1.

| Command | Status | Duration | Result |
| --- | --- | --- | --- |
| nx run-many -t build --parallel=3 | ✅ Succeeded | 1m 59s | View ↗ |

☁️ Nx Cloud last updated this comment at 2025-02-19 08:28:43 UTC

@storybook-pr-benchmarking

Package Benchmarks

Commit: 26843e1, ran on 19 February 2025 at 08:36:10 UTC

The following packages have significant changes to their size or dependencies:

@storybook/core

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 52 | 52 | 0 |
| Self size | 19.26 MB | 19.26 MB | 🚨 +881 B 🚨 |
| Dependency size | 14.19 MB | 14.26 MB | 🚨 +62 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

storybook

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 53 | 53 | 0 |
| Self size | 23 KB | 23 KB | 0 B |
| Dependency size | 33.45 MB | 33.51 MB | 🚨 +62 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

sb

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 54 | 54 | 0 |
| Self size | 1 KB | 1 KB | 0 B |
| Dependency size | 33.47 MB | 33.54 MB | 🚨 +62 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

@storybook/cli

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 359 | 359 | 0 |
| Self size | 279 KB | 279 KB | 0 B |
| Dependency size | 83.94 MB | 84.00 MB | 🚨 +63 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

@storybook/codemod

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 275 | 275 | 0 |
| Self size | 612 KB | 612 KB | 🚨 +6 B 🚨 |
| Dependency size | 65.52 MB | 65.58 MB | 🚨 +62 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

@JReinhold marked this pull request as ready for review February 19, 2025 08:44

@greptile-apps bot (Contributor) left a comment

LGTM

3 file(s) reviewed, no comment(s)

@JReinhold merged commit 69cccad into next Feb 19, 2025
64 of 72 checks passed
@JReinhold deleted the jeppe/upgrade-esbuild branch February 19, 2025 08:49
JReinhold added a commit that referenced this pull request Feb 19, 2025
Core: Support `esbuild@^0.25`
(cherry picked from commit 69cccad)
@github-actions bot added the patch:done label Feb 19, 2025
Labels: ci:normal, dependencies, patch:done, patch:yes, security

Successfully merging this pull request may close these issues.

[Bug]: Multiple moderate severity vulnerabilities with storybook of type html with webpack5 builder