chore(deps): bump the npm-dependencies group with 22 updates

[dependabot]

Bumps the npm-dependencies group with 22 updates:

Package	From	To
@emotion/styled	11.14.0	11.14.1
@iconify/react	6.0.0	6.0.2
@mui/styles	6.4.12	6.5.0
axios	1.12.2	1.13.5
js-yaml	4.1.0	4.1.1
lodash	4.17.21	4.17.23
@types/lodash	4.17.17	4.17.23
ramda	0.30.1	0.32.0
react-hook-form	7.57.0	7.71.1
simplebar-react	3.3.1	3.3.2
socket.io-client	4.8.1	4.8.3
tss-react	4.9.18	4.9.20
yaml	2.8.0	2.8.2
@mui/types	7.2.24	7.4.10
@testing-library/dom	10.4.0	10.4.1
@testing-library/jest-dom	6.6.3	6.9.1
@testing-library/react	16.3.0	16.3.2
@types/ramda	0.30.2	0.31.1
cspell	9.0.2	9.6.4
eslint-plugin-import	2.31.0	2.32.0
eslint-plugin-react	7.37.4	7.37.5
ts-jest	29.4.1	29.4.6

Updates @emotion/styled from 11.14.0 to 11.14.1

Release notes

Sourced from @​emotion/styled's releases.

@​emotion/styled@​11.14.1

Patch Changes

• #3334 0facbe4 Thanks @​ZachRiegel! - Renamed default-exported variable in @emotion/styled to aid inferred import names in auto-import completions in IDEs

Commits

• 4922955 Version Packages (#3335)
• 0facbe4 Renamed default-exported variable in @emotion/styled to aid inferred import...
• cce67ec Bump parcel (#3258)
• See full diff in compare view

Updates @iconify/react from 6.0.0 to 6.0.2

Commits

• See full diff in compare view

Updates @mui/styles from 6.4.12 to 6.5.0

Release notes

Sourced from @​mui/styles's releases.

v6.5.0

A big thanks to the 2 contributors who made this release possible.

CSS layers make it easier to override styles by splitting a single style sheet into multiple layers. To learn more, check out the CSS layers documentation.

@mui/material@6.5.0

• [Dialog] Add codemod for deprecated props (#46335) @​sai6855

@mui/system@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

@mui/material-nextjs@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

Docs

• Add ListItemButton to make the deprecation clear (#46357) @​sai6855

All contributors of this release in alphabetical order: @​sai6855, @​siriwatknp

Changelog

Sourced from @​mui/styles's changelog.

6.5.0

Jul 2, 2025

A big thanks to the 2 contributors who made this release possible.

CSS layers make it easier to override styles by splitting a single style sheet into multiple layers. To learn more, check out the CSS layers documentation.

@mui/material@6.5.0

• [Dialog] Add codemod for deprecated props (#46335) @​sai6855

@mui/system@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

@mui/material-nextjs@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

Docs

• Add ListItemButton to make the deprecation clear (#46357) @​sai6855

All contributors of this release in alphabetical order: @​sai6855, @​siriwatknp

Commits

• 894dd47 6.5.0 (#46431)
• See full diff in compare view

Updates axios from 1.12.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates @types/lodash from 4.17.17 to 4.17.23

Commits

• See full diff in compare view

Updates ramda from 0.30.1 to 0.32.0

Release notes

Sourced from ramda's releases.

v0.32.0

upgrade guide

v0.31.3

upgrade guide

Commits

• f0b1fb5 Version 0.32.0
• fc8f028 fix exports in package.json (#3522)
• 29470a6 docs(rebuild): fix typo (#3521)
• 7414650 docs(pipeWith): add usage example (#3520)
• 746e0f8 docs: update jsdelivr link (#3518)
• 3c81269 docs: add Map & Set example to type.js (#3517)
• 3cade36 feat: better handling of decimal arguments to range (#3516)
• d4443e6 Update head.js and last.js docs example (#3515)
• 7ee3d7a Version 0.31.3
• 69dfa7f do not clean dist
• Additional commits viewable in compare view

Updates react-hook-form from 7.57.0 to 7.71.1

Release notes

Sourced from react-hook-form's releases.

Version v7.71.1

🐞 fix #13250 issue with booleans_as_integers (#13252)

Version 7.71.0

⚡ perf: memoize FormProvider context value to prevent unnecessary rerenders (#13235) 🚄 perf: separate control context to prevent unnecessary rerenders (#13234) 🐞 fix: update isValid when field disabled state changes (#13231) 👌 chore: optimize bundle size via safe terser options (#13243) (#13244)

thanks to @​kamja44, @​a28689604 & @​newsiberian

Version 7.70.0

✅ watch type improvement (#13228) 🐞 fix: prevent field array ghost elements with keepDirtyValues (#13188) 🐞 fix: improve invalid date handling in deepEqual and validation (#13230) 🐞 fix(types): handle branded types correctly in DeepPartial (#13222) 🐞 fix native validation focus issue (#13220) 🐞 change spread operator to set name with depricated names prop, then override with new name prop is supplied (#13214) 🐞 fix: prevent duplicate subscription trigger in setValue (#13206) (#13209) 👌 chore: fix lib type check include tests (#13229)

thanks to @​EdwardEB, @​constantly-dev & @​a28689604

🎄 Version 7.69.0

📏 feat: align API with useWatch (#13192) 🤦🏻‍♂️ chore: update @​deprecated names prop on (#13198) 🏥 chore: safely call function methods on elements (#13190) 🪖 chore: cve-2025-67779 (#13196) 🪖 chore: cve-2025-55184 & cve-2025-55183 (#13194) 🪖 chore: CVE-2025-55182 Critical RCE vulnerabilty (#13175) 🔬 test: add regression tests for #12837 and #13136 (#13187) 🐞 fix(reset): preserve isValid state when keepIsValid option is used (#13173) 🐞 fix: ensure each createFormControl.subscribe subscription listens only to the changes it subscribes to (#12968) 🐞 fix(validation): batch isValidating state updates with validation result (#13181) 🐞 fix(createFormControl): resolve race condition between setError and setFocus (#13138) (#13169) 🧿 fix control prop type (#13189) 🔔 chore: clean cloneObject logic (#13179)

thanks to @​PierreCrb, @​a28689604, @​AnuragM7666, @​ap0nia, @​dusan233 & @​hlongc

Version 7.68.0

🎧 feat: <FormStateSubscribe /> component (#13142)

import { useForm, FormStateSubscribe } from 'react-hook-form';
const App = () => {
const { register, control } = useForm();
return (
</tr></table>

... (truncated)

Commits

• 51589c5 7.71.1
• fc57a62 🐞 fix #13250 issue with booleans_as_integers (#13252)
• 195139d 7.71.0
• e26f886 👌 chore: optimize bundle size via safe terser options (#13243) (#13244)
• 17c85ed 🚄 perf: separate control context to prevent unnecessary rerenders (#13234)
• a084dcb ⚡ perf: memoize FormProvider context value to prevent unnecessary rerenders (...
• 65c78bc 🐞 fix: update isValid when field disabled state changes (#13231)
• d810ff5 7.70.0
• c54ebf9 🐞 fix: prevent field array ghost elements with keepDirtyValues (#13188)
• 3966596 ✅ watch type improvement (#13228)
• Additional commits viewable in compare view

Updates simplebar-react from 3.3.1 to 3.3.2

Changelog

Sourced from simplebar-react's changelog.

v3.3.2 (Thu Jul 03 2025)

🐛 Bug Fix

• Update CHANGELOG.md [skip ci] (@​Grsmto)
• fix(react): horizontal & vertical classNames #656 (@​fakundo)

⚠️ Pushed to master

• add missing types in exports (@​Grsmto)
• Publish (@​Grsmto)
• chore(react): also add exports field (@​Grsmto)

Authors: 2

• @​fakundo
• Adrien Denat (@​Grsmto)

---

Commits

• 46a2c4a Publish
• 91860f1 Update CHANGELOG.md [skip ci]
• 598394b add missing types in exports
• See full diff in compare view

Updates socket.io-client from 4.8.1 to 4.8.3

Release notes

Sourced from socket.io-client's releases.

socket.io-client@4.8.2

Bug Fixes

• bundle: do not mangle the "_placeholder" attribute (bis) (cdae019)
• drain queue before emitting "connect" (#5259) (d19928e)

Dependencies

• engine.io-client@~6.6.1 (no change)
• ws@~8.17.1 (no change)

Commits

• e9e5bed chore(release): socket.io-client@4.8.3
• 9581f9b fix(sio): do not throw when calling io.close() on a stopped server
• 579d43f refactor: remove unused files
• ee9aac3 chore(release): socket.io-parser@4.2.5
• 968277c chore(release): socket.io-adapter@2.5.6
• 2bf16bd chore(release): engine.io-client@6.6.4
• ad61607 docs(eio): fix link in the release notes
• dd71792 chore(release): socket.io@4.8.2
• bb0b480 fix(sio): improve io.close() function (#5344)
• 161be91 test(sio): pin version of the client bundle in the tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-client since your current version.

Updates tss-react from 4.9.18 to 4.9.20

Release notes

Sourced from tss-react's releases.

Release v4.9.20

Full Changelog: garronej/tss-react@v4.9.19...v4.9.20

Release v4.9.19

Full Changelog: garronej/tss-react@v4.9.18...v4.9.19

Commits

• 883cdde Bump version
• d523ffb #233
• dc7b099 Bump version
• 8c0090a #231
• See full diff in compare view

Updates yaml from 2.8.0 to 2.8.2

Release notes

Sourced from yaml's releases.

v2.8.2

• Serialize -0 as -0 (#638)
• Do not double newlines for empty map values (#642)

v2.8.1

• Preserve empty block literals (#634)

Commits

• 086fa6b 2.8.2
• 95f01e9 chore: Add funding to package.json
• 152e204 style: Apply updated Prettier rules & satisfy updated ESLint
• 3f3378c chore: Drop unused dependency cross-env
• f0b9af7 chore: Update to @​rollup/plugin-replace v6
• e3cafc7 chore: Update to eslint-config-prettier v10
• 553c1b5 chore: Refresh lockfile
• 70a8db3 fix: Do not double newlines for empty map values (#642)
• 92821f2 ci: Limit action permissions to minimum required
• 95285f8 fix: Serialize -0 as -0 (fixes #638)
• Additional commits viewable in compare view

Updates @mui/types from 7.2.24 to 7.4.10

Release notes

Sourced from @​mui/types's releases.

v7.3.7

A big thanks to the 16 contributors who made this release possible.

@mui/material@7.3.7

• [accordion] Remove unnecessary handling of square prop on Accordion Root (#47457) @​ZeeshanTamboli
• [alert] Remove unnecessary default icon mapping fallback (#47460) @​ZeeshanTamboli
• [appbar] Fix inherit color CSS variable not getting applied (#47518) @​ZeeshanTamboli
• [autocomplete] Fix ArrowLeft, Backspace & Delete behavior for multiple and single-value rendering with proper caret handling (#47411) @​jnbain
• [backdrop] Remove unnecessary passing of classes from root slot (#47519) @​ZeeshanTamboli
• [button-group] Fix styles when variant is contained (#47499) @​ZeeshanTamboli
• [card-action-area] Remove incorrect root ref being forwarded to focus highlight component (#47523) @​ZeeshanTamboli
• [checkbox] Fix readonly checkboxes (#47503) @​mj12albert
• [click-away-listener] Tighten the parameter type of createHandleSynthetic method (#47525) @​ZeeshanTamboli
• [dialog] Fix backdrop theme style overrides (#47544) @​ZeeshanTamboli
• [focus-trap] Compute activeElement inside loopFocus on every keydown (#47566) @​ZeeshanTamboli
• [modal] Take non-integer padding-right into consideration when scroll locking (#47420) @​Zache
• [select] Fix dropdown width does not match trigger width on window resize (#47526) @​AarishMansur
• [tabs] Fix passing incorrect slot name props (scrollButton → scrollButtons) (#47215) @​rithik56

Docs

• [card] Fix key warning (#47524) @​ZeeshanTamboli
• [dialog] Replace TranstionProps with slotProps.transition (#47569) @​sai6855
• [number-field] Use stable Base UI package (#47504) @​siriwatknp
• [snackbar] Replace TransitionComponent with slots.transition (#47570) @​sai6855
• Fix incorrect indentation in migration guide (#47571) @​sai6855
• Enable MUI chat on Material UI demos (#46837) @​siriwatknp
• Add docs and website banner for Dev survey'25 (#47521) @​prakhargupta1
• Update Tailwind CSS v4 + Next.js Pages Router docs (#47546) @​atharva3333
• Add warning callout to Sync plugin doc (#47511) @​mapache-salvaje
• Update typo in TailwindCSS v4 integration with Next.js docs (#47512) @​TimKraemer
• Fix link to contributing guide (#47473) @​oliviertassinari
• Improve description of Accordion props (#47459) @​ZeeshanTamboli

Core

• [blog] Whats new since MUI X v8 [DX-51] (#47140) @​joserodolfofreitas
• [code-infra] Fix React@next CI job (#47493) @​Janpot
• [code-infra] Move font loading to @​mui/docs (#47385) @​Janpot
• [code-infra] Fix CI for React 18 (#47560) @​Janpot
• [code-infra] Prevent legacy browsers tests from updating (#47496) @​Janpot
• [code-infra] Move @mui/internal-test-utils to code infra repo (#47422) @​Janpot
• [code-infra] Fix React@next CI job (#47493) @​Janpot
• [examples] Update Next.js versions to v16 in Next.js examples (DX-57) (#47453) @​alelthomas
• [internal] Bump Next.js & React version to avoid security vulnerability (#47427) @​oliviertassinari
• [test] Use plain playwright for e2e (#47410) @​mj12albert
• [test] Fix react-18 tests (#47407) @​Janpot

All contributors of this release in alphabetical order: @​AarishMansur, @​alelthomas, @​atharva3333, @​bricefrisco, @​Janpot, @​jnbain, @​joserodolfofreitas, @​mapache-salvaje, @​mj12albert, @​oliviertassinari, @​prakhargupta1, @​rithik56, @​siriwatknp, @​TimKraemer, @​Zache, @​ZeeshanTamboli

... (truncated)

Changelog

Sourced from @​mui/types's changelog.

Versions

7.3.7

Jan 8, 2026

A big thanks to the 16 contributors who made this release possible.

@mui/material@7.3.7

• [accordion] Remove unnecessary handling of square prop on Accordion Root (#47457) @​ZeeshanTamboli
• [alert] Remove unnecessary default icon mapping fallback (#47460) @​ZeeshanTamboli
• [appbar] Fix inherit color CSS variable not getting applied (#47518) @​ZeeshanTamboli
• [autocomplete] Fix ArrowLeft, Backspace & Delete behavior for multiple and single-value rendering with proper caret handling (#47411) @​jnbain
• [backdrop] Remove unnecessary passing of classes from root slot (#47519) @​ZeeshanTamboli
• [button-group] Fix styles when variant is contained (#47499) @​ZeeshanTamboli
• [card-action-area] Remove incorrect root ref being forwarded to focus highlight component (#47523) @​ZeeshanTamboli
• [checkbox] Fix readonly checkboxes (#47503) @​mj12albert
• [click-away-listener] Tighten the parameter type of createHandleSynthetic method (#47525) @​ZeeshanTamboli
• [dialog] Fix backdrop theme style overrides (#47544) @​ZeeshanTamboli
• [focus-trap] Compute activeElement inside loopFocus on every keydown (#47566) @​ZeeshanTamboli
• [modal] Take non-integer padding-right into consideration when scroll locking (#47420) @​Zache
• [select] Fix dropdown width does not match trigger width on window resize (#47526) @​AarishMansur
• [tabs] Fix passing incorrect slot name props (scrollButton → scrollButtons) (#47215) @​rithik56

Docs

• [card] Fix key warning (#47524) @​ZeeshanTamboli
• [dialog] Replace TranstionProps with slotProps.transition (#47569) @​sai6855
• [number-field] Use stable Base UI package (#47504) @​siriwatknp
• [snackbar] Replace TransitionComponent with slots.transition (#47570) @​sai6855
• Fix incorrect indentation in migration guide (#47571) @​sai6855
• Enable MUI chat on Material UI demos (#46837) @​siriwatknp
• Add docs and website banner for Dev survey'25 (#47521)

[dependabot]

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.