Update for SB8

[JReinhold]

This PR does a lot of maintenance tasks to the template:

1. Upgrade Node target to 18
2. Add a nodeEntries bundle entry for bundling presets and other Node-only entries.
3. Add types exports to preview entries as they might be imported in Portable Stories scenarios.
4. Upgrade all devDependencies, crucially Storybook and React 18
5. Convert package to ESM (type = module)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@storybook/addon-essentials@8.0.0-beta.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+339	263 MB	shilman
npm/@storybook/addon-interactions@8.0.0-beta.2	Transitive: environment, eval, filesystem	+51	13.9 MB	shilman
npm/@storybook/addon-links@8.0.0-beta.2	environment, eval	+7	1.09 MB	shilman
npm/@storybook/blocks@8.0.0-beta.2	eval Transitive: environment, filesystem, network, shell, unsafe	+276	254 MB	shilman
npm/@storybook/components@8.0.0-beta.2	environment Transitive: eval, filesystem	+54	18.2 MB	shilman
npm/@storybook/core-events@8.0.0-beta.2	None	+1	111 kB	shilman
npm/@storybook/manager-api@8.0.0-beta.2	environment, network Transitive: eval, filesystem	+48	14 MB	shilman
npm/@storybook/manager@8.0.0-beta.2	None	0	2.28 MB	shilman
npm/@storybook/preview-api@8.0.0-beta.2	network Transitive: environment, eval, filesystem	+40	8.18 MB	shilman
npm/@storybook/preview@8.0.0-beta.2	eval, network	0	334 kB	shilman
npm/@storybook/react-vite@8.0.0-beta.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+406	336 MB	shilman
npm/@storybook/react@8.0.0-beta.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+273	276 MB	shilman
npm/@storybook/theming@8.0.0-beta.2	environment	+10	5.76 MB	shilman
npm/@storybook/types@8.0.0-beta.2	Transitive: environment, eval, filesystem	+34	6.19 MB	shilman
npm/@types/react-dom@18.2.19	None	+4	1.65 MB	types
npm/@types/react@18.2.55	None	+3	1.62 MB	types
npm/@vitejs/plugin-react@4.2.1	Transitive: environment, eval, filesystem, network, shell, unsafe	+84	65 MB	vitebot
npm/prettier@3.2.5	environment, filesystem, unsafe	0	8.39 MB	prettier-bot
npm/react-dom@18.2.0	environment	+4	4.93 MB	gnoff
npm/react@18.2.0	environment	+2	337 kB	gnoff
npm/storybook@8.0.0-beta.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+612	285 MB	shilman
npm/tsup@8.0.2	environment, eval, filesystem Transitive: network, shell, unsafe	+146	302 MB	egoist
npm/typescript@5.3.3	None	0	32 MB	typescript-bot
npm/vite@5.1.2	environment, eval, filesystem, network, shell, unsafe	+22	54 MB	vitebot

🚮 Removed packages: npm/@storybook/addon-essentials@7.0.0, npm/@storybook/addon-interactions@7.0.0, npm/@storybook/addon-links@7.0.0, npm/@storybook/blocks@7.0.0, npm/@storybook/components@7.0.0, npm/@storybook/core-events@7.0.0, npm/@storybook/manager-api@7.0.0, npm/@storybook/manager@7.6.7, npm/@storybook/preview-api@7.0.0, npm/@storybook/preview@7.6.7, npm/@storybook/react-vite@7.0.0, npm/@storybook/react@7.0.0, npm/@storybook/theming@7.0.0, npm/@storybook/types@7.0.0, npm/@types/react-dom@16.9.22, npm/@types/react@16.14.51, npm/@vitejs/plugin-react@4.1.1, npm/prettier@3.0.3, npm/react-dom@16.14.0, npm/react@16.14.0, npm/storybook@7.0.0, npm/tsup@7.2.0, npm/typescript@5.2.2, npm/vite@4.5.0

View full report↗︎

[socket-security]

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: npm/@storybook/addon-actions@8.0.0-beta.2, npm/@storybook/addon-links@8.0.0-beta.2, npm/@storybook/telemetry@8.0.0-beta.2, npm/defaults@1.0.4, npm/get-stream@8.0.1, npm/handlebars@4.7.8, npm/react-dom@18.2.0, npm/react@18.2.0, npm/scheduler@0.23.0

View full report↗︎

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

[ndelangen]

@JReinhold Convert package to type=module seems like a possibly disruptive change, and I'd question if SB8 presets loading would support that fully.

It could very well work.. But before proceeding to merge this, please try it out in detail.

If you create a dummy addon that uses a preset, does storybook correctly load it?

[JReinhold]

Tested this out extensively with @ndelangen and we concluded that everything works and we can even clean up a bunch of files because of it.

[ndelangen]

@SocketSecurity ignore npm/defaults@1.0.4
@SocketSecurity ignore npm/react@18.2.0
@SocketSecurity ignore npm/react-dom@18.2.0
@SocketSecurity ignore npm/scheduler@0.23.0
@SocketSecurity ignore npm/handlebars@4.7.8
@SocketSecurity ignore npm/get-stream@8.0.1
@SocketSecurity ignore npm/@storybook/addon-actions@8.0.0-beta.2
@SocketSecurity ignore npm/@storybook/addon-links@8.0.0-beta.2
@SocketSecurity ignore npm/@storybook/telemetry@8.0.0-beta.2