build(deps-dev): bump cross-env from 7.0.3 to 10.1.0

[dependabot]

Bumps cross-env from 7.0.3 to 10.1.0.

Release notes

Sourced from cross-env's releases.

v10.1.0

10.1.0 (2025-09-29)

Features

• add support for default value syntax (152ae6a)

For example:

"dev:server": "cross-env wrangler dev --port ${PORT:-8787}",

If PORT is already set, use that value, otherwise fallback to 8787.

Learn more about Shell Parameter Expansion

v10.0.0

10.0.0 (2025-07-25)

TL;DR: You should probably not have to change anything if:

• You're using a modern maintained version of Node.js (v20+ is tested)
• You're only using the CLI (most of you are as that's the intended purpose)

In this release (which should have been v8 except I had some issues with automated releases 🙈), I've updated all the things and modernized the package. This happened in #261

Was this needed? Not really, but I just thought it'd be fun to modernize this package.

Here's the highlights of what was done.

• Replace Jest with Vitest for testing
• Convert all source files from .js to .ts with proper TypeScript types
• Use zshy for ESM-only builds (removes CJS support)
• Adopt @​epic-web/config for TypeScript, ESLint, and Prettier
• Update to Node.js >=20 requirement
• Remove kcd-scripts dependency
• Add comprehensive e2e tests with GitHub Actions matrix testing
• Update GitHub workflow with caching and cross-platform testing
• Modernize documentation and remove outdated sections
• Update all dependencies to latest versions
• Add proper TypeScript declarations and exports

The tool maintains its original functionality while being completely modernized with the latest tooling and best practices

BREAKING CHANGES

• This is a major rewrite that changes the module format from CommonJS to ESM-only. The package now requires Node.js >=20 and only exports ESM modules (not relevant in most cases).

Commits

• 152ae6a feat: add support ofr default value syntax
• bd70d1a chore: upgrade zshy
• 8e0b190 chore(ci): get coverage
• 8635e80 fix(release): manually release a major version
• 3a58f22 chore: fix npmrc registry
• b70bfff chore(ci): add names to steps and workflows
• cc5759d fix(release): manually release a major version
• 080a859 chore: remove publish script
• 31e5bc7 chore(ci): restore built files
• 81e9c34 chore(ci): add back semantic-release
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

What: The @storybook/react-webpack5 type definition is still listed in a comment, even though the package has been upgraded to use Vite.

Why: Leaving outdated comments can lead to confusion regarding the project's current setup. It's important to keep comments concise and relevant to enhance maintainability.

How: Remove the line that comments on webpack5 to reflect the current configuration which uses Vite. This will keep the code clean and clear.

[github-actions]

What: The import statement for the mergeConfig function has been updated to use dynamic imports. Ensure that this is necessary for performance and compatibility.

Why: Dynamic imports can have performance implications if they're used excessively or in critical parts of the code; they may also lead to issues if not all platforms support them equally, despite their advantages in code splitting.

How: Confirm that the rest of the configuration file and setup handles the async nature of mergeConfig. If it's not required to be loaded dynamically, consider importing it at the top of the file.

[github-actions]

What: The filtering of plugins to remove 'vite:dts' could lead to unexpected behavior if no checks are performed for the presence of plugins.

Why: Filtering plugins without handling cases where config.plugins is undefined or empty could lead to runtime errors. It’s important for code to be robust against such scenarios.

How: Update the filter check to safely handle situations where config.plugins could be undefined by adding a conditional check to ensure that it is defined before attempting to use it in the filter.

[github-actions]

What: The resolution paths being defined for various aliases (@/icons, @/utilities, etc.) should be double-checked for accuracy based on the current file structure.

Why: Incorrect paths can lead to module resolution issues, which could affect the functionality of the Storybook setup. Ensuring the paths are correct helps in avoiding bugs during development.

How: Verify each path for the aliases against the actual directory structure of the project and update them accordingly if not correct.

[github-actions]

What: The use of CRLF line endings ( ) in a file that previously used LF line endings may cause compatibility issues across different systems.

Why: Inconsistent line endings can lead to problems in version control and when running code in different environments, especially when working in a cross-platform team where some may use Windows and others may use macOS or Linux.

How: Ensure that your editor or IDE is configured to normalize line endings to LF ( ) to maintain consistency across different environments.

[github-actions]

What: Consider documenting the implications of disabling color contrast checks globally in a comment near the a11y configuration.

Why: Disabling important accessibility checks may lead to a poor user experience for individuals with visual impairments, and documenting this decision helps future maintainers understand the reasoning behind it.

How: Add a comment above the a11y configuration explaining why color contrast checks are being disabled and consider encouraging better practices to ensure your components are visually accessible.

[github-actions]

What: The code includes optional chaining (?.) which can lead to runtime errors if the properties are undefined and accessed subsequently.

Why: Using optional chaining can be beneficial for avoiding TypeErrors, but it's essential to ensure that all parts of the object you're accessing can indeed be undefined. Otherwise, consider a fallback or more explicit error handling to improve robustness.

How: Consider adding checks or defaults to ensure the parameters exist before accessing them, for example:

const rules = storyContext.parameters && storyContext.parameters.a11y && storyContext.parameters.a11y.config ? storyContext.parameters.a11y.config.rules : defaultRules;
await configureAxe(page, { rules });

[github-actions]

What: The 'postVisit' function returns early if accessibility testing is disabled, but it does not log or report this decision anywhere.

Why: While returning early is valid, it may be beneficial to debug or log when tests are skipped to help understand test coverage and outcomes during development.

How: Add a console log statement before the early return to indicate testing was skipped:

if (storyContext.parameters?.a11y?.disable) {
    console.log('Accessibility tests are disabled for this story.');
    return;
}

[github-actions]

What: The method of gathering the story context may not catch all edge cases, potentially leading to unhandled cases in the accessibility configuration.

Why: Ensuring that the story context is reliably acquired will help in accurately applying accessibility rules, avoiding silent failures in testing.

How: Consider wrapping the call to getStoryContext in a try-catch block. If an error occurs, handle it appropriately, perhaps by logging it and providing fallback behavior.