chore(deps): bump the npm-dependencies group with 23 updates

[dependabot]

Bumps the npm-dependencies group with 23 updates:

Package	From	To
@emotion/styled	11.14.0	11.14.1
@iconify/react	6.0.0	6.0.2
@mui/styles	6.4.12	6.5.0
ajv	8.17.1	8.18.0
axios	1.12.2	1.14.0
js-yaml	4.1.0	4.1.1
lodash	4.17.21	4.17.23
@types/lodash	4.17.17	4.17.24
ramda	0.30.1	0.32.0
react-hook-form	7.57.0	7.72.0
simplebar-react	3.3.1	3.3.2
socket.io-client	4.8.1	4.8.3
tss-react	4.9.18	4.9.20
yaml	2.8.0	2.8.3
@mui/types	7.2.24	7.4.12
@testing-library/dom	10.4.0	10.4.1
@testing-library/jest-dom	6.6.3	6.9.1
@testing-library/react	16.3.0	16.3.2
@types/ramda	0.30.2	0.31.1
cspell	9.0.2	9.7.0
eslint-plugin-import	2.31.0	2.32.0
eslint-plugin-react	7.37.4	7.37.5
ts-jest	29.4.1	29.4.6

Updates @emotion/styled from 11.14.0 to 11.14.1

Release notes

Sourced from @​emotion/styled's releases.

@​emotion/styled@​11.14.1

Patch Changes

• #3334 0facbe4 Thanks @​ZachRiegel! - Renamed default-exported variable in @emotion/styled to aid inferred import names in auto-import completions in IDEs

Commits

• 4922955 Version Packages (#3335)
• 0facbe4 Renamed default-exported variable in @emotion/styled to aid inferred import...
• cce67ec Bump parcel (#3258)
• See full diff in compare view

Updates @iconify/react from 6.0.0 to 6.0.2

Commits

• See full diff in compare view

Updates @mui/styles from 6.4.12 to 6.5.0

Release notes

Sourced from @​mui/styles's releases.

v6.5.0

A big thanks to the 2 contributors who made this release possible.

CSS layers make it easier to override styles by splitting a single style sheet into multiple layers. To learn more, check out the CSS layers documentation.

@mui/material@6.5.0

• [Dialog] Add codemod for deprecated props (#46335) @​sai6855

@mui/system@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

@mui/material-nextjs@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

Docs

• Add ListItemButton to make the deprecation clear (#46357) @​sai6855

All contributors of this release in alphabetical order: @​sai6855, @​siriwatknp

Changelog

Sourced from @​mui/styles's changelog.

6.5.0

Jul 2, 2025

A big thanks to the 2 contributors who made this release possible.

CSS layers make it easier to override styles by splitting a single style sheet into multiple layers. To learn more, check out the CSS layers documentation.

@mui/material@6.5.0

• [Dialog] Add codemod for deprecated props (#46335) @​sai6855

@mui/system@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

@mui/material-nextjs@6.5.0

• Backport CSS layers feature from v7 (#46283) @​siriwatknp

Docs

• Add ListItemButton to make the deprecation clear (#46357) @​sai6855

All contributors of this release in alphabetical order: @​sai6855, @​siriwatknp

Commits

• 894dd47 6.5.0 (#46431)
• See full diff in compare view

Updates ajv from 8.17.1 to 8.18.0

Release notes

Sourced from ajv's releases.

v8.18.0

What's Changed

• feat: allow tree-shaking by adding "sideEffects": false to package.json by @​josdejong in ajv-validator/ajv#2480
• fix: #2482 Infinity and NaN serialise to null by @​jasoniangreen in ajv-validator/ajv#2487
• fix: small grammatical error in managing-schemas.md by @​monteiro-renato in ajv-validator/ajv#2508
• fix: typos in schema-language.md by @​monteiro-renato in ajv-validator/ajv#2507
• fix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by @​epoberezkin in ajv-validator/ajv#2586

New Contributors

• @​josdejong made their first contribution in ajv-validator/ajv#2480
• @​monteiro-renato made their first contribution in ajv-validator/ajv#2508

Full Changelog: ajv-validator/ajv@v8.17.1...v8.18.0

Commits

• 142ce84 8.18.0
• 720a23f fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...
• 82735a1 fix: typos in schema-language.md (#2507)
• b17ec32 fix: small grammatical error in managing-schemas.md (#2508)
• 69568d0 fix: #2482 Infinity and NaN serialise to null (#2487)
• f06766f feat: allow tree-shaking by adding ``"sideEffects": falsetopackage.json` ...
• See full diff in compare view

Updates axios from 1.12.2 to 1.14.0

Release notes

Sourced from axios's releases.

v1.14.0

This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably proxy-from-env v2 alignment and main entry compatibility fix).

🚀 New Features

• Runtime Features: No new end-user features were introduced in this release.
• Test Coverage Expansion: Added broader smoke/module test coverage for CJS and ESM package usage. (#7510)

🐛 Bug Fixes

• Headers: Trim trailing CRLF in normalised header values. (#7456)
• HTTP/2: Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (#7457)
• Fetch Adapter: Cancel ReadableStream created during request-stream capability probing to prevent async resource leaks. (#7515)
• Proxy Handling: Fixed env proxy behavior with proxy-from-env v2 usage. (#7499)
• CommonJS Compatibility: Fixed package main entry regression affecting CJS consumers. (#7532)

🔧 Maintenance & Chores

• Security/Dependencies: Updated formidable and refreshed package set to newer versions. (#7533, #10556)
• Tooling: Continued migration to Vitest and modernised CI/test harnesses. (#7484, #7489, #7498)
• Build/Lint Stack: Rollup, ESLint, TypeScript, and related dev-dependency updates. (#7508, #7509, #7522)
• Documentation: Clarified JSON parsing and adapter-related docs/comments. (#7398, #7460, #7478)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve Axios:

• @​aviu16 (#7456)
• @​NETIZEN-11 (#7460)
• @​fedotov (#7457)
• @​nthbotast (#7478)
• @​veeceey (#7398)
• @​penkzhou (#7515)

Full Changelog: v1.13.6...v1.14.0

v1.13.6

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#7385)

🐛 Bug Fixes

• Environment Compatibility:
  • Fixed module exports for React Native and Browserify environments. (#7386)

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 46bee3d chore(release): prepare release 1.14.0 (#10563)
• 518aff5 chore: add AI Moderator workflow for spam detection (#10551)
• b7dfda3 chore(sponsor): update sponsor block (#10557)
• 9aa34d5 fix: updated release flow to match the current flows (#10562)
• e9e5ebe Update packages to latest version (#10556)
• 4d8931c fix: formidable dependency vulnerable to arbitrary (#7533)
• 3a6f5c1 chore(deps-dev): bump @​babel/preset-env (#7531)
• bcfd299 fix: bug axios breaks commonjs compatibility main entry (#7532)
• d6dcbfd fix: dependabot uses the correct labels (#7530)
• 5dd7ba7 chore: upgrade to latest ts (#7522)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Commits

• cc482e7 4.1.1 released
• 50968b8 dist rebuild
• d092d86 lint fix
• 383665f fix prototype pollution in merge (<<)
• 0d3ca7a README.md: HTTP => HTTPS (#678)
• 49baadd doc: 'empty' style option for !!null
• ba3460e Fix demo link (#618)
• See full diff in compare view

Updates lodash from 4.17.21 to 4.17.23

Commits

• dec55b7 Bump main to v4.17.23 (#6088)
• 19c9251 fix: setCacheHas JSDoc return type should be boolean (#6071)
• b5e6729 jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (#6062)
• edadd45 Prevent prototype pollution on baseUnset function
• 4879a7a doc: fix autoLink function, conversion of source links (#6056)
• 9648f69 chore: remove yarn.lock file (#6053)
• dfa407d ci: remove legacy configuration files (#6052)
• 156e196 feat: add renovate setup (#6039)
• 933e106 ci: add pipeline for Bun (#6023)
• 072a807 docs: update links related to Open JS Foundation (#5968)
• Additional commits viewable in compare view

Updates @types/lodash from 4.17.17 to 4.17.24

Commits

• See full diff in compare view

Updates ramda from 0.30.1 to 0.32.0

Release notes

Sourced from ramda's releases.

v0.32.0

upgrade guide

v0.31.3

upgrade guide

Commits

• f0b1fb5 Version 0.32.0
• fc8f028 fix exports in package.json (#3522)
• 29470a6 docs(rebuild): fix typo (#3521)
• 7414650 docs(pipeWith): add usage example (#3520)
• 746e0f8 docs: update jsdelivr link (#3518)
• 3c81269 docs: add Map & Set example to type.js (#3517)
• 3cade36 feat: better handling of decimal arguments to range (#3516)
• d4443e6 Update head.js and last.js docs example (#3515)
• 7ee3d7a Version 0.31.3
• 69dfa7f do not clean dist
• Additional commits viewable in compare view

Updates react-hook-form from 7.57.0 to 7.72.0

Release notes

Sourced from react-hook-form's releases.

Version 7.72.0

⚓️ feat: built-in form level validate (#13195)

useForm({
  validate: async ({ formValues }: FormValidateResult) => {
    if (formValues.test1.length > formValues.test.length) {
      return {
        type: 'formError',
        message: 'something is wrong here',
      };
    }
if (formValues.test === 'test') {
  return 'direct error message';
}
return true;

},
});

🐞 fix: prevent useFieldArray from marking unrelated fields as dirty (#13299) 🐞 fix #13300 checkbox form validation ignored with native validation (#13310) 🌉 allow subscribe formState to track submit state (#13319)

thanks to @​WiXSL, @​BrendanC23 & @​6810779s

Version 7.71.2

🕵️‍♂️ fix: use DeepPartialSkipArrayKey for WatchObserver value parameter (#13278) 🧹 fix(clearErrors): emit name signal for targeted field updates (#13280)

thanks to @​veeceey, @​kaigritun, @​pgoslatara & @​seongbiny

Version v7.71.1

🐞 fix #13250 issue with booleans_as_integers (#13252)

Version 7.71.0

⚡ perf: memoize FormProvider context value to prevent unnecessary rerenders (#13235) 🚄 perf: separate control context to prevent unnecessary rerenders (#13234) 🐞 fix: update isValid when field disabled state changes (#13231) 👌 chore: optimize bundle size via safe terser options (#13243) (#13244)

thanks to @​kamja44, @​a28689604 & @​newsiberian

Version 7.70.0

✅ watch type improvement (#13228) 🐞 fix: prevent field array ghost elements with keepDirtyValues (#13188) 🐞 fix: improve invalid date handling in deepEqual and validation (#13230)

... (truncated)

Commits

• 1fecf73 7.72.0
• f5373fe 🌉 allow subscribe formState to track submit state (#13319)
• f5deec5 📖 chore: update issue template CodeSandbox links (#13315)
• 3f4d0f3 🐞 fix #13300 checkbox form valdiation ignored with native valdiation (#13310)
• 2e8f081 🐞 fix: prevent useFieldArray from marking unrelated fields as dirty (#13299)
• 6067c3f ⚓️ feat: build-in form level validate (#13195)
• 85684f9 7.71.2
• 4933dcc 🧹 fix(clearErrors): emit name signal for targeted field updates (#13280)
• 319b3ed 🕵️‍♂️ fix: use DeepPartialSkipArrayKey for WatchObserver value parameter (#13...
• 0e04ad3 🏋️‍♀️ chore: Update outdated GitHub Actions versions (#13274)
• Additional commits viewable in compare view

Updates simplebar-react from 3.3.1 to 3.3.2

Changelog

Sourced from simplebar-react's changelog.

v3.3.2 (Thu Jul 03 2025)

🐛 Bug Fix

• Update CHANGELOG.md [skip ci] (@​Grsmto)
• fix(react): horizontal & vertical classNames #656 (@​fakundo)

⚠️ Pushed to master

• add missing types in exports (@​Grsmto)
• Publish (@​Grsmto)
• chore(react): also add exports field (@​Grsmto)

Authors: 2

• @​fakundo
• Adrien Denat (@​Grsmto)

---

Commits

• 46a2c4a Publish
• 91860f1 Update CHANGELOG.md [skip ci]
• 598394b add missing types in exports
• See full diff in compare view

Updates socket.io-client from 4.8.1 to 4.8.3

Release notes

Sourced from socket.io-client's releases.

socket.io-client@4.8.3

There were some minor bug fixes on the server side, which mandate a client bump.

Dependencies

• engine.io-client@~6.6.1 (no change)
• ws@~8.18.3 (diff)

socket.io-client@4.8.2

Bug Fixes

• bundle: do not mangle the "_placeholder" attribute (bis) (cdae019)
• drain queue before emitting "connect" (#5259) (d19928e)

Dependencies

• engine.io-client@~6.6.1 (no change)
• ws@~8.17.1 (no change)

Commits

• e9e5bed chore(release): socket.io-client@4.8.3
• 9581f9b fix(sio): do not throw when calling io.close() on a stopped server
• 579d43f refactor: remove unused files
• ee9aac3 chore(release): socket.io-parser@4.2.5
• 968277c chore(release): socket.io-adapter@2.5.6
• 2bf16bd chore(release): engine.io-client@6.6.4
• ad61607 docs(eio): fix link in the release notes
• dd71792 chore(release): socket.io@4.8.2
• bb0b480 fix(sio): improve io.close() function (#5344)
• 161be91 test(sio): pin version of the client bundle in the tests
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for socket.io-client since your current version.

Updates tss-react from 4.9.18 to 4.9.20

Release notes

Sourced from tss-react's releases.

Release v4.9.20

Full Changelog: garronej/tss-react@v4.9.19...v4.9.20

Release v4.9.19

Full Changelog: garronej/tss-react@v4.9.18...v4.9.19

Commits

• 883cdde Bump version
• d523ffb #233
• dc7b099 Bump version
• 8c0090a #231
• See full diff in compare view

Updates yaml from 2.8.0 to 2.8.3

Release notes

Sourced from yaml's releases.

v2.8.3

• Add trailingComma ToString option for multiline flow formatting (#670)
• Catch stack overflow during node composition (1e84ebb)

v2.8.2

• Serialize -0 as -0 (#638)
• Do not double newlines for empty map values (#642)

v2.8.1

• Preserve empty block literals (#634)

Commits

• ce14587 2.8.3
• 1e84ebb fix: Catch stack overflow during node composition
• 6b24090 ci: Include Prettier check in lint action
• 9424dee chore: Refresh lockfile
• d1aca82 Add trailingComma ToString option for multiline flow formatting (#670)
• 4321509 ci: Drop the branch filter from GitHub PR actions
• 47207d0 chore: Update docs-slate
• 5212fae chore: Update docs-slate
• 086fa6b 2.8.2
• 95f01e9 chore: Add funding to package.json
• Additional commits viewable in compare view

Updates @mui/types from 7.2.24 to 7.4.12

Release notes

Sourced from @​mui/types's releases.

v7.3.9

A big thanks to the 15 contributors who made this release possible.

@mui/material@7.3.9

• Clean up duplicated CSS rules (#47893) @​sai6855
• [theme] Generate color-mix value on top of default generated Material UI CSS variables (#47791) @​ZeeshanTamboli
• [tooltip] Fix error is thrown when wrapping an input which is disabled while focused (#47841) @​ZeeshanTamboli
• [table cell][theme] Apply alpha before color mixing to border bottom color when nativeColor + cssVariables is used (#47840) @​ZeeshanTamboli

Docs

• Fix small typo in NumberField page (#47888) @​arthur-plazanet
• Fix Theme builder video (#47855) @​oliviertassinari
• Add updated community theme resource (#47853) @​PeterTYLiu
• Fix the keyboard navigation in GroupedMenu example (#47848) @​silviuaavram
• Few copy fixes (#47810) @​pavan-sh
• Fix JSX in Overriding component structure docs (#47805) @​ZeeshanTamboli
• Fix SSR flicker sentence grammar (#47794) @​pavan-sh
• [system] Update sizing docs to clarify (0, 1] behavior. (#47851) @​matthias-ccri
• [theme] Fix nativeColor docs (#47759) (#47789) @​ZeeshanTamboli

Core

• point v7 subdomain to MUI X v7 docs (#113) @​vmakhaev
• [blog] Blogpost for upcoming price changes for MUI X (#47748) (#47910) @​DanailH
• [blog] Company Update: What we've been working on (and why) (alethomas) (#47626) (#47908) @​alelthomas
• [core] Update releaseChangelog.mjs (#47862) @​mnajdova
• [code-infra] Detect browser envs that don't support layout (#47813) (#47873) @​Janpot
• [code-infra] Enable undefined addition to optional properties (#47815) @​brijeshb42
• [docs-infra] Reapply Cookie Banner with Design Fixes (#47744) @​dav-is

All contributors of this release in alphabetical order: @​alelthomas, @​arthur-plazanet, @​brijeshb42, @​DanailH, @​dav-is, @​Janpot, @​matthias-ccri, @​mnajdova, @​oliviertassinari, @​pavan-sh, @​PeterTYLiu, @​sai6855, @​silviuaavram, @​vmakhaev, @​ZeeshanTamboli

v7.3.8

A big thanks to the 15 contributors who made this release possible. Here are some highlights ✨:

@mui/material@7.3.8

• [alert] Revert removing default icon mapping fallback (#47629) @​ZeeshanTamboli
• [app-bar] Fix optional chaining in joinVars function (#47739) @​sai6855
• [autocomplete] Fix scroll position resetting on reopen with disableCloseOnSelect (#47248) @​ZeeshanTamboli
• [autocomplete] Pass fullWidth prop to input, with default as true (#47663) @​silviuaavram
• [badge] Refactor variant styles generation (#47742) @​sai6855
• [chip] Remove unnecessary onDelete check (#47753) @​ZeeshanTamboli
• [switch][checkbox][radio] Remove aria-disabled from root span (#46318) @​KirankumarAmbati
• [collapse] Remove unnecessary string concatenation (#47745) @​sai6855
• [drawer] persistent and permanent variant Drawers should not override the styles via theme using modal class (#47581) @​ZeeshanTamboli
• [tabs] Add ability to extend Tabs variant (#47590) @​aditya1906
• [useAutocomplete] Add aria-multiselectable to listbox props when multiple is true (#47632) @​silviuaavram

... (truncated)

Changelog

Sourced from @​mui/types's changelog.

Versions

9.0.0-beta.0

Mar 25, 2026

A big thanks to the 8 contributors who made this release possible.

@mui/material@9.0.0-beta.0

Breaking Changes

• [linear-progress] Remove deprecated CSS classes (#48068) @​mj12albert
• [list-item, list-item-text] Remove deprecated props (#48042) @​siriwatknp
• [button-group] Remove deprecated classes (#48043) @​siriwatknp
• [card] Remove deprecated CardHeader props (#47995) @​silviuaavram
• [checkbox][radio][switch] Remove deprecated inputProps and inputRef (#48059) @​siriwatknp
• [chip] Remove deprecated classes (#48046) @​silviuaavram
• [dialog][modal][drawer][swipeabledrawer] Remove deprecated props and classes (

[dependabot]

Labels

The following labels could not be found: dependabot. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.