Skip to content

[Snyk] Upgrade tailwindcss from 3.4.4 to 4.1.13 #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade tailwindcss from 3.4.4 to 4.1.13 #89

wants to merge 1 commit into from
+1 −1

Conversation

nerdy-tech-com-gitub
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade tailwindcss from 3.4.4 to 4.1.13.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 92 versions ahead of your current version.

  • The recommended version was released a month ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		 57 Proof of Concept
critical severity Predictable Value Range from Previous Values
SNYK-JS-FORMDATA-10841150		 57 Proof of Concept
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 57 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		 57 No Known Exploit
Release notes
Package name: tailwindcss
  • 4.1.13 - 2025-09-04

    Changed

    • Drop warning from browser build (#18731)
    • Drop exact duplicate declarations when emitting CSS (#18809)

    Fixed

    • Don't transition visibility when using transition (#18795)
    • Discard matched variants with unknown named values (#18799)
    • Discard matched variants with non-string values (#18799)
    • Show suggestions for known matchVariant values (#18798)
    • Replace deprecated clip with clip-path in sr-only (#18769)
    • Hide internal fields from completions in matchUtilities (#18820)
    • Ignore .vercel folders by default (can be overridden by @ source … rules) (#18855)
    • Consider variants starting with @- to be invalid (e.g. @-2xl:flex) (#18869)
    • Do not allow custom variants to start or end with a - or _ (#18867, #18872)
    • Upgrade: Migrate aria theme keys to @ custom-variant (#18815)
    • Upgrade: Migrate data theme keys to @ custom-variant (#18816)
    • Upgrade: Migrate supports theme keys to @ custom-variant (#18817)
  • 4.1.12 - 2025-08-14

    Fixed

    • Don't consider the global important state in @ apply (#18404)
    • Add missing suggestions for flex-<number> utilities (#18642)
    • Fix trailing ) from interfering with extraction in Clojure keywords (#18345)
    • Detect classes inside Elixir charlist, word list, and string sigils (#18432)
    • Track source locations through @ plugin and @ config (#18345)
    • Allow boolean values of process.env.DEBUG in @ tailwindcss/node (#18485)
    • Ignore consecutive semicolons in the CSS parser (#18532)
    • Center the dropdown icon added to an input with a paired datalist by default (#18511)
    • Extract candidates in Slang templates (#18565)
    • Improve error messages when encountering invalid functional utility names (#18568)
    • Discard CSS AST objects with false or undefined properties (#18571)
    • Allow users to disable URL rebasing in @ tailwindcss/postcss via transformAssetUrls: false (#18321)
    • Fix false-positive migrations in addEventListener and JavaScript variable names (#18718)
    • Fix Standalone CLI showing default Bun help when run via symlink on Windows (#18723)
    • Read from --border-color-* theme keys in divide-* utilities for backwards compatibility (#18704)
    • Don't scan .hdr and .exr files for classes by default (#18734)
  • 4.1.11 - 2025-06-26

    Fixed

    • Add heuristic to skip candidate migrations inside emit(…) (#18330)
    • Extract candidates with variants in Clojure/ClojureScript keywords (#18338)
    • Document --watch=always in the CLI's usage (#18337)
    • Add support for Vite 7 to @ tailwindcss/vite (#18384)
  • 4.1.10 - 2025-06-11

    Fixed

    • Fix incorrectly generated CSS when using percentages in arbitrary values with calc (e.g. w-[calc(100%-var(--offset))]) (#18289)
  • 4.1.9 - 2025-06-11

    Fixed

    • Correctly parse custom properties with strings containing semicolons (#18251)
    • Upgrade: Migrate arbitrary modifiers without percentage signs to bare values (e.g. /[0.16]/16) (#18184)
    • Upgrade: Migrate CSS variable shorthands where fallback value contains function call (#18184)
    • Upgrade: Migrate negative arbitrary values to negative bare values (e.g. mb-[-32rem]-mb-128) (#18212)
    • Upgrade: Do not migrate blur in wire:model.blur (#18216)
    • Don't add spaces around CSS dashed idents when formatting math expressions (#18220)
  • 4.1.8 - 2025-05-28

    Added

    • Improve error messages when @ apply fails (#18059)

    Fixed

    • Upgrade: Do not migrate declarations that look like candidates in <style> blocks (#18057, 18068)
    • Upgrade: Don't error when looking for tailwindcss in pnpm monorepos (#18065)
    • Upgrade: Don't error when updating dependencies in pnpm monorepos (#18065)
    • Upgrade: Migrate deprecated order-none to order-0 (#18126)
    • Support Leptos class: attributes when extracting classes (#18093)
    • Fix "Cannot read properties of undefined" crash on malformed arbitrary value (#18133)
    • Upgrade: Migrate -mt-[0px] to mt-[0px] instead of the other way around (#18154)
    • Fix Haml pre-processing crash when there is no \n at the end of the file (#18155)
    • Ignore .pnpm-store folders by default (can be overridden by @ source … rules) (#18163)
    • Fix PostCSS crash when calling toJSON() (#18083)
  • 4.1.7 - 2025-05-15

    Added

    • Upgrade: Migrate bare values to named values (#18000)
    • Upgrade: Added cache to improve template migration performance (#18025)

    Fixed

    • Allow _ before numbers during candidate extraction (#17961)
    • Prevent duplicate suggestions when using @ theme and @ utility together (#17675)
    • Ensure that media queries within ::before and ::after pseudo selectors create valid CSS rules in production builds (#17979)
    • Ensure that the standalone CLI does not leave temporary files behind (#17981)
    • Ensure -rotate-* utilities properly negate arbitrary values (#18014)
    • Ignore custom variants using :merge(…) selectors in legacy JS plugins (#18020)
    • Ensure classes containing . are properly extracted from Clojure files (#18038)
    • Upgrade: Fix error when using @ import … source(…) (#17963)
    • Upgrade: Change casing of utilities with named values to kebab-case to match updated theme variables (#18017)
    • Upgrade: Don't migrate strings that match utility names in Vue attribute bindings other than class (#18025)
  • 4.1.6 - 2025-05-09

    Added

    • Upgrade: Automatically convert arbitrary values to named values when possible (e.g. h-[1lh] to h-lh) (#17831, #17854)
    • Upgrade: Update dependencies in parallel for improved performance (#17898)
    • Add detailed logging about @ source directives, discovered files and scanned files when using DEBUG=* (#17906, #17952)
    • Add support for generating source maps in development (#17775)

    Fixed

    • Ensure negative arbitrary scale values generate negative values (#17831)
    • Fix HAML extraction with embedded Ruby (#17846)
    • Don't scan files for utilities when using @ reference (#17836)
    • Fix incorrectly replacing _ with in arbitrary modifier shorthand bg-red-500/(--my_opacity) (#17889)
    • Don't scan .log files for classes by default (#17906)
    • Ensure that custom utilities applying other custom utilities don't swallow nested @ apply rules (#17925)
    • Download platform specific package if optionalDependencies are skipped (#17929)
  • 4.1.5 - 2025-04-30
  • 4.1.4 - 2025-04-14
  • 4.1.3 - 2025-04-04
  • 4.1.2 - 2025-04-03
  • 4.1.1 - 2025-04-02
  • 4.1.0 - 2025-04-01
  • 4.0.17 - 2025-03-26
  • 4.0.16 - 2025-03-25
  • 4.0.15 - 2025-03-20
  • 4.0.14 - 2025-03-13
  • 4.0.13 - 2025-03-11
  • 4.0.12 - 2025-03-07
  • 4.0.11 - 2025-03-06
  • 4.0.10 - 2025-03-05
  • 4.0.9 - 2025-02-25
  • 4.0.8 - 2025-02-21
  • 4.0.7 - 2025-02-18
  • 4.0.6 - 2025-02-10
  • 4.0.5 - 2025-02-08
  • 4.0.4 - 2025-02-06
  • 4.0.3 - 2025-02-01
  • 4.0.2 - 2025-01-31
  • 4.0.1 - 2025-01-29
  • 4.0.0 - 2025-01-21
  • 4.0.0-beta.10 - 2025-01-21
  • 4.0.0-beta.9 - 2025-01-09
  • 4.0.0-beta.8 - 2024-12-17
  • 4.0.0-beta.7 - 2024-12-13
  • 4.0.0-beta.6 - 2024-12-06
  • 4.0.0-beta.5 - 2024-12-04
  • 4.0.0-beta.4 - 2024-11-29
  • 4.0.0-beta.3 - 2024-11-27
  • 4.0.0-beta.2 - 2024-11-22
  • 4.0.0-beta.1 - 2024-11-21
  • 4.0.0-alpha.36 - 2024-11-21
  • 4.0.0-alpha.35 - 2024-11-20
  • 4.0.0-alpha.34 - 2024-11-14
  • 4.0.0-alpha.33 - 2024-11-12
  • 4.0.0-alpha.32 - 2024-11-11
  • 4.0.0-alpha.31 - 2024-10-30
  • 4.0.0-alpha.30 - 2024-10-24
  • 4.0.0-alpha.29 - 2024-10-23
  • 4.0.0-alpha.28 - 2024-10-17
  • 4.0.0-alpha.27 - 2024-10-15
  • 4.0.0-alpha.26 - 2024-10-03
  • 4.0.0-alpha.25 - 2024-09-24
  • 4.0.0-alpha.24 - 2024-09-12
  • 4.0.0-alpha.23 - 2024-09-05
  • 4.0.0-alpha.22 - 2024-09-05
  • 4.0.0-alpha.21 - 2024-09-02
  • 4.0.0-alpha.20 - 2024-08-23
  • 4.0.0-alpha.19 - 2024-08-09
  • 4.0.0-alpha.18 - 2024-07-25
  • 4.0.0-alpha.17 - 2024-07-04
  • 4.0.0-alpha.16 - 2024-06-07
  • 4.0.0-alpha.15 - 2024-05-08
  • 4.0.0-alpha.14 - 2024-04-09
  • 4.0.0-alpha.13 - 2024-04-04
  • 4.0.0-alpha.12 - 2024-04-04
  • 4.0.0-alpha.11 - 2024-03-27
  • 4.0.0-alpha.10 - 2024-03-21
  • 4.0.0-alpha.9 - 2024-03-13
  • 4.0.0-alpha.8 - 2024-03-11
  • 4.0.0-alpha.7 - 2024-03-08
  • 4.0.0-alpha.6 - 2024-03-07
  • 4.0.0-alpha.5 - 2024-03-06
  • 4.0.0-alpha.4 - 2024-03-06
  • 4.0.0-alpha.3 - 2024-03-06
  • 4.0.0-alpha.2 - 2024-03-06
  • 4.0.0-alpha.1 - 2024-03-05
  • 3.4.18 - 2025-10-01

    Fixed

    • Improve support for raw supports-[…] queries in arbitrary values (#13605)
    • Fix require.cache error when loaded through a TypeScript file in Node 22.18+ (#18665)
    • Support import.meta.resolve(…) in configs for new enough Node.js versions (#18938)
    • Allow using newer versions of postcss-load-config for better ESM and TypeScript PostCSS config support with the CLI (#18938)
    • Remove irrelevant utility rules when matching important classes (#19030)
  • 3.4.17 - 2024-12-17
  • 3.4.16 - 2024-12-03
  • 3.4.15 - 2024-11-14
  • 3.4.14 - 2024-10-15
  • 3.4.13 - 2024-09-23
  • 3.4.12 - 2024-09-17
  • 3.4.11 - 2024-09-11
  • 3.4.10 - 2024-08-13
  • 3.4.9 - 2024-08-08
  • 3.4.8 - 2024-08-07
  • 3.4.7 - 2024-07-25
  • 3.4.6 - 2024-07-16
  • 3.4.5 - 2024-07-15
  • 3.4.4 - 2024-06-05
from tailwindcss GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade tailwindcss from 3.4.4 to 4.1.13
94653ba 
Snyk has created this PR to upgrade tailwindcss from 3.4.4 to 4.1.13.

See this package in npm:
tailwindcss

See this project in Snyk:
https://app.snyk.io/org/nerds-github/project/ded0d4c9-2f65-458e-91a2-4bc521804eb9?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nerdy-tech-com-gitub @snyk-bot