Deps: bump styled-components from 6.3.12 to 6.4.0

[dependabot]

Bumps styled-components from 6.3.12 to 6.4.0.

Release notes

Sourced from styled-components's releases.

[email protected]

Minor Changes

• b0f3d29: .attrs() improvements: props supplied via attrs are now automatically made optional on the resulting component (previously required even when attrs provided a default). Also fixes a bug where the attrs callback received a mutable props object that could be changed by subsequent attrs processing; it now receives an immutable snapshot.

• 2a973d8: Dropped IE11 support: ES2015 build target, inlined unitless CSS properties (removing @​emotion/unitless dependency), removed legacy React class statics from hoist and other unnecessary code.

• 9e07d95: Add createTheme(defaultTheme, options?) for CSS variable theming that works across RSC and client components.

  Returns an object with the same shape where every leaf is var(--prefix-path, fallback). Pass it to ThemeProvider for stable class name hashes across themes (no hydration mismatch on light/dark switch).

  const theme = createTheme({ colors: { primary: '#0070f3' } });
  // theme.colors.primary → "var(--sc-colors-primary, #0070f3)"
  // theme.raw → original object
  // theme.vars.colors.primary → "--sc-colors-primary"
  // theme.resolve(el?) → computed values from DOM (client-only)
  // theme.GlobalStyle → component that emits CSS var declarations

  vars exposes bare CSS custom property names (same shape as the theme) for use in createGlobalStyle dark mode overrides without hand-writing variable names:

  const { vars } = createTheme({ colors: { bg: '#fff', text: '[#000](https://github.com/styled-components/styled-components/issues/000)' } });
  const DarkOverrides = createGlobalStyle@media (prefers-color-scheme: dark) { :root { ${vars.colors.bg}: [#111](https://github.com/styled-components/styled-components/issues/111); ${vars.colors.text}: #eee; } };

  Options: prefix (default "sc"), selector (default ":root", use ":host" for Shadow DOM).

• 79cc7b4: Add first-class CSP nonce support. Nonces can now be configured via StyleSheetManager's nonce prop (recommended for Next.js, Remix), ServerStyleSheet's constructor, <meta property="csp-nonce"> (Vite convention), <meta name="sc-nonce">, or the legacy __webpack_nonce__ global.

• b0f3d29: Rearchitect createGlobalStyle to use shared stylesheet groups.

  All instances of a createGlobalStyle component now share a single stylesheet group, registered once at definition time. This fixes unmounting one instance removing styles needed by others (#5695), styles scattering after remount (#3146), and group ID leaks during SSR (#3022).

  CSS injection order is now fully determined at definition time (lower group ID = earlier in stylesheet). Render order no longer affects CSS order. Keyframes defined before a component correctly appear before that component's rules.

  Also fixes: O(n^2) performance regression in jsdom test environments from unbounded rule accumulation, and stale static global styles during client-side HMR (effect deps now include the globalStyle reference so module re-evaluation triggers re-injection).

• b0f3d29: Significant render performance improvements via three-layer memoization and hot-path micro-optimizations. Client-only; server renders are unaffected.

  Re-renders that don't change styling now skip style resolution entirely. Components sharing the same CSS (e.g., list items) benefit from cross-sibling caching. Hot-path changes include forEach → for/for...of, template literal → manual concat, and reduced allocations.

... (truncated)

Commits

• bf65d5d Version Packages
• 9c871dd refactor: optimize client reference detection placement in flatten()
• 36fd9bc fix: prevent crash when interpolating client components in RSC styled templates
• b67d5cf test: reference shared LIMIT constant for dynamicNameCache bound assertion
• 4eb32af test: assert warnTooManyClasses fires before dynamicNameCache eviction
• 74e8b76 chore: remove unused runtime dependencies
• 553cbb4 fix: bound dynamicNameCache to prevent memory leak
• 248edc3 perf: unified CSS preprocessor, snapshot audit fixes (#5721)
• 67c528f feat(sandbox): perf stress tests, shared sidebar, tailwind benchmark (#5719)
• 4c0b72a fix(types): ref callback inference with spread props, type perf, TS 6.0 compat
• Additional commits viewable in compare view

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA bbe0d69.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
npm/nanoid	3.3.11	🟢 6.7	Details Check Score Reason Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 10 all dependencies are pinned Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST 🟢 5 SAST tool is not run on all commits -- score normalized to 5
npm/source-map-js	1.2.1	🟢 3.8	Details Check Score Reason Maintained 🟢 7 9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7 Code-Review ⚠️ 2 Found 8/30 approved changesets -- score normalized to 2 Token-Permissions ⚠️ -1 No tokens found Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ -1 no workflows found Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Pinned-Dependencies ⚠️ -1 no dependencies found License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/styled-components	6.4.1	🟢 6	Details Check Score Reason Code-Review ⚠️ 0 Found 0/19 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST 🟢 9 SAST tool detected but not run on all commits

Scanned Files

• package-lock.json

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.66%. Comparing base (7a6d97d) to head (bbe0d69).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5239   +/-   ##
=======================================
  Coverage   78.66%   78.66%           
=======================================
  Files        1190     1190           
  Lines       31264    31264           
  Branches     9354     9354           
=======================================
  Hits        24595    24595           
  Misses       5980     5980           
  Partials      689      689           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.