Bump the dependencies group across 1 directory with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
@ledgerhq/hw-app-btc	10.11.2	10.17.0
@ledgerhq/hw-transport	6.31.12	6.32.0
@ledgerhq/hw-transport-webusb	6.29.12	6.30.0
@trezor/connect-web	9.6.4	9.7.1
axios	1.12.2	1.13.5
bip32	5.0.0-rc.0	5.0.1

Updates @ledgerhq/hw-app-btc from 10.11.2 to 10.17.0

Commits

• 1e2cf69 Merge release into main
• 7ce0b40 chore(release): 🚀 prepare release [skip ci]
• f09154b Merge pull request #13949 from LedgerHQ/smartling-translations-20260126100500266
• b590284 File apps/ledger-live-mobile/src/locales/en/common.json was translated to es-...
• 9071ced File apps/ledger-live-desktop/static/i18n/en/app.json was translated to pt-BR...
• ba3efd7 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to es-ES...
• ce6b39e File apps/ledger-live-mobile/src/locales/en/common.json was translated to zh-...
• 1ceb92e File apps/ledger-live-mobile/src/locales/en/common.json was translated to de-...
• e7ada87 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to ar-AE...
• 94b2aba File apps/ledger-live-mobile/src/locales/en/common.json was translated to ja-...
• Additional commits viewable in compare view

Updates @ledgerhq/hw-transport from 6.31.12 to 6.32.0

Commits

• 647c11d Merge release into main
• f260074 chore(release): 🚀 prepare release [skip ci]
• 80c3d0c Merge pull request #13733 from LedgerHQ/smartling-translations-20260116094320030
• 42ac90e File apps/ledger-live-mobile/src/locales/en/common.json was translated to es-...
• 2c03c83 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to pt-BR...
• c9d1d26 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to es-ES...
• 4772f20 File apps/ledger-live-mobile/src/locales/en/common.json was translated to zh-...
• 3c18ff2 File apps/ledger-live-mobile/src/locales/en/common.json was translated to de-...
• d6191c9 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to ar-AE...
• 83e994c File apps/ledger-live-mobile/src/locales/en/common.json was translated to ja-...
• Additional commits viewable in compare view

Updates @ledgerhq/hw-transport-webusb from 6.29.12 to 6.30.0

Commits

• 647c11d Merge release into main
• f260074 chore(release): 🚀 prepare release [skip ci]
• 80c3d0c Merge pull request #13733 from LedgerHQ/smartling-translations-20260116094320030
• 42ac90e File apps/ledger-live-mobile/src/locales/en/common.json was translated to es-...
• 2c03c83 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to pt-BR...
• c9d1d26 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to es-ES...
• 4772f20 File apps/ledger-live-mobile/src/locales/en/common.json was translated to zh-...
• 3c18ff2 File apps/ledger-live-mobile/src/locales/en/common.json was translated to de-...
• d6191c9 File apps/ledger-live-desktop/static/i18n/en/app.json was translated to ar-AE...
• 83e994c File apps/ledger-live-mobile/src/locales/en/common.json was translated to ja-...
• Additional commits viewable in compare view

Updates @trezor/connect-web from 9.6.4 to 9.7.1

Release notes

Sourced from @​trezor/connect-web's releases.

v26.1.1@mobile

Trezor Suite 26.1.1 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v26.1.1

🚀 New features

• Avalanche C-Chain is now fully supported, allowing you to manage and transact on Avalanche seamlessly.
• Sell assets directly from the Trading section.

🎨 Improvements

• Track the performance of your Cardano (ADA) staking directly from a dedicated, view-only dashboard.
• Cardano tokens are now visible in your wallet (view-only).
• Legacy gas fees have been removed. Choose priority fees using the EIP-1559 fee model for Ethereum transactions.

🔧 Bug fixes

• Minor issues have been resolved, and overall usability has been enhanced to deliver a more stable and consistent experience.

v25.12.2@mobile

Trezor Suite 25.12.2 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v25.12.2

🎨 Improvements

• We’ve added language support for Japanese, German, and Portuguese in the Trezor Suite app.
• Firmware installation is now allowed on USB-connected devices even when battery level is below 40%.
• Firmware language of Trezor device can be changed directly from the Trezor Suite app.

v25.11.4@mobile

Trezor Suite 25.11.4 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v25.11.4

🔧 Bug fixes

• Fix handling of passphrase with special characters.

v25.11.3@mobile

Trezor Suite 25.11.3 for Android is now available also on: https://data.trezor.io/suite/releases/mobile/v25.11.3

🚀 New features

• Passphrase protection is now disabled by default during onboarding and can be activated at any time in the passphrase settings for greater user control.
• A new Tropic chip authenticity check has been introduced, providing an additional layer of device verification.

🎨 Improvements

• Passphrase wallet visibility has been optimized—when passphrase protection is disabled, Passphrase wallets are no longer shown in the wallet switcher, reducing interface clutter.

🔧 Bug fixes

• Minor issues have been resolved, and overall usability has been enhanced to deliver a more stable and consistent experience.

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​trezor/connect-web since your current version.

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Updates axios from 1.12.2 to 1.13.5

Release notes

Sourced from axios's releases.

v1.13.5

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #7369)

Fixes

• Fix/5657. (PR #7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #7326)
• Refactor: bump minor package versions. (PR #7356)

Documentation

• Clarify object-check comment. (PR #7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #7355)
• CI: update workflow YAMLs. (PR #7372)
• CI: fix run condition. (PR #7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #7360)
• Chore(release): prepare release 1.13.5. (PR #7379)

New Contributors

• @​sachin11063 (first contribution — PR #7323)
• @​asmitha-16 (first contribution — PR #7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release

... (truncated)

Changelog

Sourced from axios's changelog.

Changelog

1.13.3 (2026-01-20)

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#7253) (#7257) (7d19335)
• turn AxiosError into a native error (#5394) (#5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#6053) (65a7584)
• add Node.js coverage script using c8 (closes #7289) (#7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#6265) (860e033)
• enhance pipeFileToResponse with error handling (#7169) (88d7884)
• types: Intellisense for string literals in a widened union (#6134) (f73474d), closes microsoft/TypeScript#33471

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#7253) (#7…" (#7298) (a4230f5), closes #7253 #7 #7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad

... (truncated)

Commits

• 29f7542 chore(release): prepare release 1.13.5 (#7379)
• 431c3a3 ci: fix run condition (#7373)
• 9ff3a78 ci: update ymls (#7372)
• 265b712 docs: fix deprecated Buffer constructor and formatting issues in README (#7371)
• 475e75a feat: add input validation to isAbsoluteURL (#7326)
• 28c7215 fix: Denial of Service via proto Key in mergeConfig (#7369)
• 04cf019 docs: clarify object check comment (#7323)
• 696fa75 fix: status is missing in AxiosError on and after v1.13.3 (#7368)
• 569f028 fix: added a option to choose between legacy and the new request/response int...
• 44b7c9f chore(deps-dev): bump karma-sourcemap-loader (#7360)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.

Updates bip32 from 5.0.0-rc.0 to 5.0.1

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by jl.landabaso, a new releaser for bip32 since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.
• ⚠️ 2 packages with OpenSSF Scorecard issues.

View full job summary

[dependabot]

Dependabot attempted to update this pull request, but because the branch dependabot/npm_and_yarn/main/dependencies-b624216ff4 is protected it was unable to do so.

[lserra-iov]

@dependabot rebase