chore(deps): bump storybook from 9.0.15 to 9.1.19

[dependabot]

Bumps storybook from 9.0.15 to 9.1.19.

Release notes

Sourced from storybook's releases.

v9.1.19

9.1.19

• Harden websocket connection

v9.1.18

9.1.18

• No-op release. No changes.

v9.1.17

9.1.17

• Core: Fix .env-file parsing, thanks @​jreinhold!

Changelog

Sourced from storybook's changelog.

9.1.19

• Harden websocket connection

9.1.18

• No-op release. No changes.

9.1.16

• CLI: Fix Nextjs project creation in empty directories - #32828, thanks @​yannbf!
• Core: Add experimental_devServer preset - #32862, thanks @​yannbf!
• Telemetry: Fix preview-first-load event - #32859, thanks @​shilman!

9.1.15

• Core: Add preview-first-load telemetry - #32770, thanks @​shilman!
• Dependencies: Update vite-plugin-storybook-nextjs - #32821, thanks @​ndelangen!

9.1.14

• NextJS: Add NextJS 16 support - #32791, thanks @​yannbf and @​ndelangen!
• Addon-Vitest: Support Vitest 4 - #32819, thanks @​yannbf and @​ndelangen!
• CSF: Fix play-fn tag for methods - #32695, thanks @​shilman!

9.1.13

• Nextjs: Fix config access for Vite - #32759, thanks @​valentinpalkovic!

9.1.12

• Maintenance: Hotfix for missing nextjs dts files, thanks @​ndelangen!

9.1.11

• Automigration: Improve the viewport/backgrounds automigration - #32619, thanks @​valentinpalkovic!
• Mocking: Fix sb.mock usage in Storybook's deployed in subpaths - #32678, thanks @​valentinpalkovic!
• NextJS-Vite: Automatically fix bad PostCSS configuration - #32691, thanks @​ndelangen!
• React Native Web: Fix REACT_NATIVE_AND_RNW should detect vite builder - #32718, thanks @​dannyhw!
• Telemetry: Add metadata for react routers - #32615, thanks @​shilman!

9.1.10

• Automigrations: Add automigration for viewport and backgrounds - #31614, thanks @​valentinpalkovic!
• Telemetry: Log userAgent in onboarding - #32566, thanks @​shilman!

9.1.9

• Angular: Enable experimental zoneless detection on Angular v21 - #32580, thanks @​yannbf!
• Svelte: Ignore inherited HTMLAttributes docgen when using utility types - #32173, thanks @​steciuk!

... (truncated)

Commits

• 20887f1 Bump version from "9.1.18" to "9.1.19" [skip ci]
• 66b2d8e Fix test
• 31f16c4 fix linting
• 62dd25b Core: Require token for websocket connections
• bbe61e3 Bump version from "9.1.17" to "9.1.18" [skip ci]
• d0d5a3d Bump version from 9.1.16 to 9.1.17 MANUALLY
• a06c257 filter env vars from .env files
• a54a04c Bump version from "9.1.15" to "9.1.16" [skip ci]
• ebd7ff5 Merge pull request #32859 from storybookjs/shilman/first-load-new-user
• da2da6e Merge pull request #32862 from storybookjs/yann/patch-dev-server-preset
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for storybook since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Labels

The following labels could not be found: chore: update dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 9e3968d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
appkit-demo	Ready	Preview, Comment	Feb 27, 2026 11:16am
appkit-gallery	Ready	Preview	Feb 27, 2026 11:16am
appkit-headless-sample-app	Error		Feb 27, 2026 11:16am
appkit-laboratory	Error		Feb 27, 2026 11:16am

9 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
appkit-basic-example	Ignored		Feb 27, 2026 11:16am
appkit-basic-sign-client-example	Ignored		Feb 27, 2026 11:16am
appkit-basic-up-example	Ignored		Feb 27, 2026 11:16am
appkit-ethers5-bera	Ignored		Feb 27, 2026 11:16am
appkit-nansen-demo	Ignored		Feb 27, 2026 11:16am
appkit-wagmi-cdn-example	Ignored		Feb 27, 2026 11:16am
ethereum-provider-wagmi-example	Ignored		Feb 27, 2026 11:16am
next-wagmi-solana-bitcoin-example	Ignored		Feb 27, 2026 11:16am
vue-wagmi-example	Ignored		Feb 27, 2026 11:16am

[github-actions]

Visual Regression Test Results ❌ Failed

✨ No visual changes detected

Chromatic Build: undefined
Storybook Preview: undefined

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	husky@​9.1.7
	@​walletconnect/​logger@​3.0.2
	@​solana/​wallet-standard-features@​1.3.0
	@​wallet-standard/​app@​1.1.0
	@​wallet-standard/​wallet@​1.1.0
	@​wallet-standard/​base@​1.1.0
	@​wallet-standard/​features@​1.1.0
	esbuild@​0.27.2
	process@​0.11.10
	buffer@​6.0.3
	clsx@​2.1.1
	date-fns@​4.1.0
	big.js@​6.2.2
	classnames@​2.5.1
	qrcode@​1.5.3
	chalk@​4.1.2
	bip39@​3.1.0
	dayjs@​1.11.13
	borsh@​0.7.0
	bs58@​6.0.0
	eventemitter3@​5.0.1
	typescript@​5.8.3
	semver@​7.7.2
	pino@​7.11.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: pnpm-lock.yaml → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report