build(deps-dev): bump @storybook/addon-onboarding from 10.2.10 to 10.3.5

[dependabot]

Bumps @storybook/addon-onboarding from 10.2.10 to 10.3.5.

Release notes

Sourced from @​storybook/addon-onboarding's releases.

v10.3.5

10.3.5

• Core: Disable component manifest by default - #34408, thanks @​yannbf!

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

v10.3.4

10.3.4

• Addon-a11y: Clear status transition timer on unmount to prevent test flake - #34203, thanks @​mixelburg!
• Bug: Skip re-processing already transformed config files for CSF factories - #34273, thanks @​huang-julien!
• Builder-Vite: Use djb2 hash to prevent variable name collisions in builder-vite - #34274, thanks @​chida09!
• CLI: Prompt for init crash reports - #34316, thanks @​JReinhold!
• CSF4: Fix duplicate preview loading issue in Vitest - #34361, thanks @​valentinpalkovic!
• Core: Fix WebSocket connection for StackBlitz/WebContainers - #34281, thanks @​ghengeveld!
• React-Docgen: Try .tsx fallback when resolving .js ESM imports in docgen resolvers - #34393, thanks @​mixelburg!
• React-Vite: Upgrade @​joshwooding/vite-plugin-react-docgen-typescript to 0.7.0 - #34335, thanks @​beeswhacks!

v10.3.3

10.3.3

• Addon-Vitest: Streamline vite(st) config detection across init and postinstall - #34193, thanks @​valentinpalkovic!

v10.3.2

10.3.2

• CLI: Shorten CTA link messages - #34236, thanks @​shilman!
• React Native Web: Fix vite8 support by bumping vite-plugin-rnw - #34231, thanks @​dannyhw!

v10.3.1

10.3.1

• CLI: Use npm info to fetch versions in repro command - #34214, thanks @​yannbf!
• Core: Prevent story-local viewport from persisting in URL - #34153, thanks @​ghengeveld!

v10.3.0

10.3.0

> Improved developer experience, AI-assisting tools, and broader ecosystem support

Storybook 10.3 contains hundreds of fixes and improvements including:

• 🤖 Storybook MCP: Agentic component dev, docs, and test (Preview release for React)
• ⚡ Vite 8 support
• ▲ Next.js 16.2 support
• 📝 ESLint 10 support
• 〰️ Addon Pseudo-States: Tailwind v4 support
• 🔧 Addon-Vitest: Simplified configuration - no more setup files required

... (truncated)

Changelog

Sourced from @​storybook/addon-onboarding's changelog.

10.3.5

• Core: Disable component manifest by default - #34408, thanks @​yannbf!

[!NOTE] Version >=0.5.0 of @storybook/addon-mcp enables component manifests again. If you're upgrading Storybook from version >= 10.3.0 to >= 10.3.5 and are using the MCP addon, you should also upgrade @storybook/addon-mcp to keep the docs toolset in the MCP server.

10.3.4

• Addon-a11y: Clear status transition timer on unmount to prevent test flake - #34203, thanks @​mixelburg!
• Bug: Skip re-processing already transformed config files for CSF factories - #34273, thanks @​huang-julien!
• Builder-Vite: Use djb2 hash to prevent variable name collisions in builder-vite - #34274, thanks @​chida09!
• CLI: Prompt for init crash reports - #34316, thanks @​JReinhold!
• CSF4: Fix duplicate preview loading issue in Vitest - #34361, thanks @​valentinpalkovic!
• Core: Fix WebSocket connection for StackBlitz/WebContainers - #34281, thanks @​ghengeveld!
• React-Docgen: Try .tsx fallback when resolving .js ESM imports in docgen resolvers - #34393, thanks @​mixelburg!
• React-Vite: Upgrade @​joshwooding/vite-plugin-react-docgen-typescript to 0.7.0 - #34335, thanks @​beeswhacks!

10.3.3

• Addon-Vitest: Streamline vite(st) config detection across init and postinstall - #34193, thanks @​valentinpalkovic!

10.3.2

• CLI: Shorten CTA link messages - #34236, thanks @​shilman!
• React Native Web: Fix vite8 support by bumping vite-plugin-rnw - #34231, thanks @​dannyhw!

10.3.1

• CLI: Use npm info to fetch versions in repro command - #34214, thanks @​yannbf!
• Core: Prevent story-local viewport from persisting in URL - #34153, thanks @​ghengeveld!

10.3.0

> Improved developer experience, AI-assisting tools, and broader ecosystem support

Storybook 10.3 contains hundreds of fixes and improvements including:

• 🤖 Storybook MCP: Agentic component dev, docs, and test (Preview release for React)
• ⚡ Vite 8 support
• ▲ Next.js 16.2 support
• 📝 ESLint 10 support
• 〰️ Addon Pseudo-States: Tailwind v4 support
• 🔧 Addon-Vitest: Simplified configuration - no more setup files required
• ♿ Numerous accessibility improvements across the UI

... (truncated)

Commits

• e486d38 Bump version from "10.3.4" to "10.3.5" [skip ci]
• 4eff9cd Bump version from "10.3.3" to "10.3.4" [skip ci]
• b0acfb4 Bump version from "10.3.2" to "10.3.3" [skip ci]
• 308656f Bump version from "10.3.1" to "10.3.2" [skip ci]
• 24c2c2c Bump version from "10.3.0" to "10.3.1" [skip ci]
• 06cb6a6 Bump version from "10.3.0-beta.3" to "10.3.0" [skip ci]
• 94b9430 Bump version from "10.3.0-beta.2" to "10.3.0-beta.3" [skip ci]
• af5b7de Bump version from "10.3.0-beta.1" to "10.3.0-beta.2" [skip ci]
• 9e58af5 Merge branch 'next' into sidnioulz/issue-31678-aria-disabled-finish
• a571619 Bump version from "10.3.0-beta.0" to "10.3.0-beta.1" [skip ci]
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@storybook/addon-onboarding	10.3.5	🟢 7.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 11 out of 11 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no badge detected Code-Review 🟢 7 9 out of last 12 changesets reviewed before merge -- score normalized to 7 Contributors 🟢 10 42 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) out of 30 and 11 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Vulnerabilities 🟢 10 no vulnerabilities detected

Scanned Files

• package-lock.json