Vue3: Specify a specific version for non-dev dependency

[ScopeyNZ]

What I did

When Storybook is part of your CI pipeline, you may decide to use npm ci for this purpose as it ensures your dependencies are a known set. This is the intended use of npm ci. Unfortunately, the "latest" dependency forces the latest version, and npm ci will break as the lock file is out of date. This commit just sets the latest version as the listed dependency

Checklist for Contributors

Testing

N/A

Although you can npm ci after vue-component-type-helpers releases a version (they did so recently) and see the existing problem.

Documentation

• Add or update documentation reflecting your changes
• If you are deprecating/removing a feature, make sure to update
  MIGRATION.MD

Checklist for Maintainers

• When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli-storybook/src/sandbox-templates.ts

• Make sure this PR contains one of the labels below:

  Available labels

  • bug: Internal changes that fixes incorrect behavior.
  • maintenance: User-facing maintenance tasks.
  • dependencies: Upgrading (sometimes downgrading) dependencies.
  • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
  • cleanup: Minor cleanup style change. Will not show up in release changelog.
  • documentation: Documentation only changes. Will not show up in release changelog.
  • feature request: Introducing a new feature.
  • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
  • other: Changes that don't fit in the above categories.

🦋 Canary release

This PR does not have a canary release associated. You can request a canary release of this pull request by mentioning the @storybookjs/core team here.

core team members can create a canary release here or locally with gh workflow run --repo storybookjs/storybook publish.yml --field pr=<PR_NUMBER>

Summary by CodeRabbit

• Chores
  • Pinned a dependency used by the Vue 3 renderer to a specific version to improve stability and ensure consistent behavior across environments.
  • Minor maintenance updates to dependency resolution to reduce variability between installs.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d296ec66-0ebd-4646-b0f5-4ffe767f25ee

📥 Commits

Reviewing files that changed from the base of the PR and between 6c6435c and a60701f.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• code/renderers/vue3/package.json

---

📝 Walkthrough

Walkthrough

The Vue 3 renderer's vue-component-type-helpers dependency is pinned from the unpinned "latest" version to the specific semver range ^3.2.9, replacing automatic version resolution with controlled versioning.

Changes

Vue 3 Renderer Dependencies

Layer / File(s)	Summary
Dependency version pinning code/renderers/vue3/package.json	vue-component-type-helpers constraint is updated from "latest" to ^3.2.9, replacing floating version resolution with a pinned semver range.

---

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

code/renderers/vue3/package.json (1)

61-61: ⚡ Quick win

Consider pinning vue-tsc to a specific version for consistency.

While this PR correctly addresses the non-dev dependency issue, vue-tsc in devDependencies still uses "latest". Although devDependencies may have different version management requirements, using "latest" can still cause npm ci failures when the lockfile becomes outdated.

For consistency with the approach taken on line 54, consider pinning this to a specific semver range in a future update.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@code/renderers/vue3/package.json` at line 61, Replace the devDependency entry
"vue-tsc": "latest" with a pinned semver range (not "latest") to ensure
reproducible installs; update the devDependencies in package.json by changing
the "vue-tsc" value to a specific semver range (e.g., ^X.Y.Z) consistent with
the pinning strategy used for the other tool on line 54 so the lockfile and npm
ci remain stable.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@code/renderers/vue3/package.json`:
- Line 61: Replace the devDependency entry "vue-tsc": "latest" with a pinned
semver range (not "latest") to ensure reproducible installs; update the
devDependencies in package.json by changing the "vue-tsc" value to a specific
semver range (e.g., ^X.Y.Z) consistent with the pinning strategy used for the
other tool on line 54 so the lockfile and npm ci remain stable.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3e51c526-2d7a-4f2c-8b62-89ed4bcb969e

📥 Commits

Reviewing files that changed from the base of the PR and between 589f29c and 6c6435c.

📒 Files selected for processing (1)

• code/renderers/vue3/package.json

[ScopeyNZ]

Note right now we've added an override to our package.json to resolve this:

"overrides": {
  "@storybook/vue3": {
    "vue-component-type-helpers": "3.2.8"
  }
}

Using overrides feels like a bit of a hack.

[github-actions]

	Fails
🚫	PR description is missing the mandatory "#### Manual testing" section. Please add it so that reviewers know how to manually test your changes.

Generated by 🚫 dangerJS against a60701f