[Snyk] Upgrade @mui/system from 7.3.6 to 7.3.7 #337

hotaery · 2026-01-30T10:24:42Z

Snyk has created this PR to upgrade @mui/system from 7.3.6 to 7.3.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 22 days ago.

Release notes

Package name: @mui/system

7.3.7 - 2026-01-08
A big thanks to the 16 contributors who made this release possible.

@ mui/material@7.3.7
- [accordion] Remove unnecessary handling of square prop on Accordion Root (#47457) @ ZeeshanTamboli
- [alert] Remove unnecessary default icon mapping fallback (#47460) @ ZeeshanTamboli
- [appbar] Fix inherit color CSS variable not getting applied (#47518) @ ZeeshanTamboli
- [autocomplete] Fix ArrowLeft, Backspace & Delete behavior for multiple and single-value rendering with proper caret handling (#47411) @ jnbain
- [backdrop] Remove unnecessary passing of classes from root slot (#47519) @ ZeeshanTamboli
- [button-group] Fix styles when variant is contained (#47499) @ ZeeshanTamboli
- [card-action-area] Remove incorrect root ref being forwarded to focus highlight component (#47523) @ ZeeshanTamboli
- [checkbox] Fix readonly checkboxes (#47503) @ mj12albert
- [click-away-listener] Tighten the parameter type of createHandleSynthetic method (#47525) @ ZeeshanTamboli
- [dialog] Fix backdrop theme style overrides (#47544) @ ZeeshanTamboli
- [focus-trap] Compute activeElement inside loopFocus on every keydown (#47566) @ ZeeshanTamboli
- [modal] Take non-integer padding-right into consideration when scroll locking (#47420) @ Zache
- [select] Fix dropdown width does not match trigger width on window resize (#47526) @ AarishMansur
- [tabs] Fix passing incorrect slot name props (scrollButton → scrollButtons) (#47215) @ rithik56
Docs
- [card] Fix key warning (#47524) @ ZeeshanTamboli
- [dialog] Replace TranstionProps with slotProps.transition (#47569) @ sai6855
- [number-field] Use stable Base UI package (#47504) @ siriwatknp
- [snackbar] Replace TransitionComponent with slots.transition (#47570) @ sai6855
- Fix incorrect indentation in migration guide (#47571) @ sai6855
- Enable MUI chat on Material UI demos (#46837) @ siriwatknp
- Add docs and website banner for Dev survey'25 (#47521) @ prakhargupta1
- Update Tailwind CSS v4 + Next.js Pages Router docs (#47546) @ atharva3333
- Add warning callout to Sync plugin doc (#47511) @ mapache-salvaje
- Update typo in TailwindCSS v4 integration with Next.js docs (#47512) @ TimKraemer
- Fix link to contributing guide (#47473) @ oliviertassinari
- Improve description of Accordion props (#47459) @ ZeeshanTamboli
Core
- [blog] Whats new since MUI X v8 [DX-51] (#47140) @ joserodolfofreitas
- [code-infra] Fix React@next CI job (#47493) @ Janpot
- [code-infra] Move font loading to @ mui/docs (#47385) @ Janpot
- [code-infra] Fix CI for React 18 (#47560) @ Janpot
- [code-infra] Prevent legacy browsers tests from updating (#47496) @ Janpot
- [code-infra] Move @ mui/internal-test-utils to code infra repo (#47422) @ Janpot
- [code-infra] Fix React@next CI job (#47493) @ Janpot
- [examples] Update Next.js versions to v16 in Next.js examples (DX-57) (#47453) @ alelthomas
- [internal] Bump Next.js & React version to avoid security vulnerability (#47427) @ oliviertassinari
- [test] Use plain playwright for e2e (#47410) @ mj12albert
- [test] Fix react-18 tests (#47407) @ Janpot
All contributors of this release in alphabetical order: @ AarishMansur, @ alelthomas, @ atharva3333, @ bricefrisco, @ Janpot, @ jnbain, @ joserodolfofreitas, @ mapache-salvaje, @ mj12albert, @ oliviertassinari, @ prakhargupta1, @ rithik56, @ siriwatknp, @ TimKraemer, @ Zache, @ ZeeshanTamboli
7.3.6 - 2025-12-03
A big thanks to the 22 contributors who made this release possible.

@ mui/material@7.3.6
- [Accordion] Move properties to the AccordionOwnProps interface (#47348) @ Aleksan4e3
- [Autocomplete] Remove unnecessary filterSelectedOptions dependency from syncHighlightedIndex useCallback (#47378) @ ZeeshanTamboli
- [Autocomplete] Fix input caret not showing when focusing after chip navigation (#47249) @ vrachuri28
- [Autocomplete] Fix ArrowLeft crash when value is not set with single-value rendering (#47214) @ rithik56
- [Button] Fix running formAction when passed (#47185) @ sai6855
- [Chip] Remove leftover closing parenthesis in CSS class key (#47345) @ ZeeshanTamboli
- [ListItem] Add secondaryAction slot to ListItem (#47399) @ sai6855
- [NumberField] Fix scroll behavior (#47397) @ oliviertassinari
- [Select] Fix keyboard navigation while rendering in shadow DOM (#47380) @ xBlizZer
- [Select] Fix cannot pass certain event handlers (#47366) @ ZeeshanTamboli
- [Slider] Accept readonly array for marks prop (#47370) @ pcorpet
- [Snackbar] Avoid unnecessary ownerState spread into useSnackbar (#47373) @ ZeeshanTamboli
- [TextField] Allow custom props in slot props via TS module augmentation (#47367) @ kumarvishwajeettrivedi
- [Tabs] Fix Arrow key navigation failing when component is rendered in shadow DOM (#47178) @ sai6855
- Fix typings for theme applyStyles with custom color schemes (#47242) @ akankshahu
@ mui/system@7.3.6
- Fix unwanted attribute on DOM from InitColorSchemeScript class attribute (#47200) @ siriwatknp
@ mui/lab@7.3.6
- [Masonry] Fix layout flicker and single column issue (#43903) @ Fanzzzd
Docs
- Fix default theme viewer styling (#47400) @ sai6855
- Remove repetitive words (#47384) @ rifeplight
- Fix link to Portal API docs (#47383) @ ZeeshanTamboli
- Remove mentions of MUI Base from Material UI docs (#47324) @ mapache-salvaje
- Update CSP guidance (#47342) @ rossdakin
- Fix pathname collision in LLMs docs generator (#47209) @ siriwatknp
- Resolve redirected urls to their final location (#47193) @ Janpot
- Document correct default values for elevation and square props (#47261) @ Ad1tya-007
- Fix display of colors in dark mode in palette customization page (#47403) @ sai6855
- Add Number Field component page (#47165) @ siriwatknp
- Fix mcp schema change (#47171) @ sai6855
Core
- [code-infra] Add types for markdown loader (#47075) @ Janpot
- [code-infra] Build test utils with code-infra pipeline (#47405) @ Janpot
- [code-infra] Vitest test migration (#44325) @ JCQuintas
- [code-infra] Revive docs bundle analyzer (#47401) @ Janpot
- [code-infra] Update tests from vitest PR (#47344) @ Janpot
- [code-infra] Use util from code-infra to fetch changelogs (#47350) @ brijeshb42
- [code-infra] Enable production sourcemaps (#47352) @ Janpot
- [code-infra] Use code-infra orb utils in circle ci (#47179) @ brijeshb42
- [code-infra] Use next/font for local fonts (#47351) @ Janpot
- [code-infra] New broken links checker (#47113) @ Janpot
- [code-infra] Remove profiler (#47258) @ Janpot
- [code-infra] Api doc optimizations (#47188) @ Janpot
- [code-infra] Increase type check parallelism (#47192) @ Janpot
- [code-infra] Remove deprecated baseUrl (#47210) @ Janpot
- [code-infra] Disable next.js cache (#47233) @ Janpot
- [code-infra] release:build for bundle checker (#47207) @ Janpot
- [code-infra] Parallelize module augmentation tests (#47208) @ Janpot
- [code-infra] Fix next.js parallelism at 2 for macos runner (#47201) @ Janpot
- [code-infra] Fix bash escape (#46969) @ oliviertassinari
- [code-infra] Utilise eslint cache in CI (#47194) @ Janpot
- [code-infra] Enable Next.js build cache to improve CI performance (#47176) @ Copilot
- [code-infra] Remove apps folder (#47183) @ Janpot
- [code-infra] Migrate everything to getStaticProps (#47152) @ Janpot
- [docs-infra] Migrate to next/font (#47347)

Snyk has created this PR to upgrade @mui/system from 7.3.6 to 7.3.7. See this package in npm: @mui/system See this project in Snyk: https://app.snyk.io/org/hotaery/project/9c3ae0a0-87cd-40c1-8f41-9b8d44f403ad?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel · 2026-01-30T10:24:45Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
liborate	Ready	Preview, Comment	Feb 10, 2026 10:05am
liborate-staging	Ready	Preview, Comment	Feb 10, 2026 10:05am
zoom-companion-shaomei-test	Ready	Preview, Comment	Feb 10, 2026 10:05am

github-actions · 2026-01-30T10:24:54Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/@mui/private-theming

7.3.7

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 7/10 approved changesets -- score normalized to 7
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	🟢 5	badge detected: Passing
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 7	SAST tool detected but not run on all commits
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	13 existing vulnerabilities detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/@mui/styled-engine

7.3.7

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 7/10 approved changesets -- score normalized to 7
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	🟢 5	badge detected: Passing
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 7	SAST tool detected but not run on all commits
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	13 existing vulnerabilities detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/@mui/system

7.3.7

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 7/10 approved changesets -- score normalized to 7
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	🟢 5	badge detected: Passing
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 7	SAST tool detected but not run on all commits
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	13 existing vulnerabilities detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/@mui/types

7.4.10

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 7/10 approved changesets -- score normalized to 7
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	🟢 5	badge detected: Passing
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 7	SAST tool detected but not run on all commits
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	13 existing vulnerabilities detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/@mui/utils

7.3.7

🟢 7.5

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 7	Found 7/10 approved changesets -- score normalized to 7
Dependency-Update-Tool	🟢 10	update tool detected
Security-Policy	🟢 10	security policy file detected
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
CII-Best-Practices	🟢 5	badge detected: Passing
Binary-Artifacts	🟢 10	no binaries found in the repo
License	🟢 10	license file detected
Pinned-Dependencies	🟢 7	dependency not pinned by hash detected -- score normalized to 7
Signed-Releases	⚠️ -1	no releases found
SAST	🟢 7	SAST tool detected but not run on all commits
Branch-Protection	🟢 4	branch protection is not maximal on development and all release branches
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	13 existing vulnerabilities detected
CI-Tests	🟢 10	28 out of 28 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 35 contributing companies or organizations

npm/csstype

3.2.3

🟢 4.9

Details

Check	Score	Reason
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Maintained	🟢 10	21 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts	🟢 10	no binaries found in the repo
Code-Review	⚠️ 1	Found 3/28 approved changesets -- score normalized to 1
Packaging	⚠️ -1	packaging workflow not detected
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Security-Policy	⚠️ 0	security policy file not detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 8	2 existing vulnerabilities detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

npm/react-is

19.2.4

🟢 5.7

Details

Check	Score	Reason
Code-Review	🟢 7	Found 21/30 approved changesets -- score normalized to 7
Maintained	🟢 10	30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 2	badge detected: InProgress
License	🟢 10	license file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Signed-Releases	⚠️ -1	no releases found
Binary-Artifacts	🟢 9	binaries present in source code
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	249 existing vulnerabilities detected

Scanned Files

package-lock.json

Snyk has created this PR to upgrade @mui/system from 7.3.6 to 7.3.7. See this package in npm: @mui/system See this project in Snyk: https://app.snyk.io/org/hotaery/project/9c3ae0a0-87cd-40c1-8f41-9b8d44f403ad?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel bot deployed to Preview – liborate January 30, 2026 10:25 View deployment

vercel bot deployed to Preview – liborate-staging January 30, 2026 10:25 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test January 30, 2026 10:25 View deployment

vercel bot deployed to Preview – liborate-staging January 31, 2026 05:06 View deployment

vercel bot deployed to Preview – liborate January 31, 2026 05:06 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test January 31, 2026 05:06 View deployment

vercel bot deployed to Preview – liborate-staging February 1, 2026 04:42 View deployment

vercel bot deployed to Preview – liborate February 1, 2026 04:42 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 1, 2026 04:42 View deployment

vercel bot deployed to Preview – liborate-staging February 2, 2026 04:38 View deployment

vercel bot deployed to Preview – liborate February 2, 2026 04:38 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 2, 2026 04:38 View deployment

vercel bot deployed to Preview – liborate-staging February 3, 2026 09:40 View deployment

vercel bot deployed to Preview – liborate February 3, 2026 09:40 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 3, 2026 09:40 View deployment

vercel bot deployed to Preview – liborate-staging February 4, 2026 09:34 View deployment

vercel bot deployed to Preview – liborate February 4, 2026 09:34 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 4, 2026 09:34 View deployment

vercel bot deployed to Preview – liborate-staging February 5, 2026 09:08 View deployment

vercel bot deployed to Preview – liborate February 5, 2026 09:08 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 5, 2026 09:09 View deployment

vercel bot deployed to Preview – liborate-staging February 7, 2026 02:37 View deployment

vercel bot deployed to Preview – liborate February 7, 2026 02:37 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 7, 2026 02:37 View deployment

vercel bot deployed to Preview – liborate-staging February 7, 2026 19:20 View deployment

vercel bot deployed to Preview – liborate February 7, 2026 19:21 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 7, 2026 19:21 View deployment

vercel bot deployed to Preview – liborate-staging February 9, 2026 06:10 View deployment

vercel bot deployed to Preview – liborate February 9, 2026 06:10 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 9, 2026 06:10 View deployment

vercel bot deployed to Preview – liborate-staging February 10, 2026 10:05 View deployment

vercel bot deployed to Preview – liborate February 10, 2026 10:05 View deployment

vercel bot deployed to Preview – zoom-companion-shaomei-test February 10, 2026 10:05 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @mui/system from 7.3.6 to 7.3.7 #337

[Snyk] Upgrade @mui/system from 7.3.6 to 7.3.7 #337

hotaery commented Jan 30, 2026

`@ mui/material@7.3.7`

Docs

Core

@ mui/material@7.3.6

@ mui/system@7.3.6

@ mui/lab@7.3.6

Docs

Core

Uh oh!

vercel bot commented Jan 30, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Jan 30, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Upgrade @mui/system from 7.3.6 to 7.3.7 #337

Are you sure you want to change the base?

[Snyk] Upgrade @mui/system from 7.3.6 to 7.3.7 #337

Conversation

hotaery commented Jan 30, 2026

Snyk has created this PR to upgrade @mui/system from 7.3.6 to 7.3.7.

@ mui/material@7.3.7

Docs

Core

@ mui/material@7.3.6

@ mui/system@7.3.6

@ mui/lab@7.3.6

Docs

Core

Uh oh!

vercel bot commented Jan 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Jan 30, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

`@ mui/material@7.3.7`

vercel bot commented Jan 30, 2026 •

edited

Loading

github-actions bot commented Jan 30, 2026 •

edited

Loading