Bump less from 4.5.1 to 4.6.4

[dependabot]

Bumps less from 4.5.1 to 4.6.4.

Release notes

Sourced from less's releases.

Release v4.6.3

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.3

Release v4.6.0

Changes

See CHANGELOG.md for details.

Installation

npm install less@4.6.0

Changelog

Sourced from less's changelog.

Change Log

v4.6.0 (2026-03-09)

Bug Fixes

• #4414 Fix pre-existing bugs in tree nodes: selector this binding, atrule parenting, mixin-call error propagation, container/media functionRegistry guard (@​matthew-dean)
• #4408 Fix #4358 Resolve parent selectors in comma-separated pseudo-selector lists (@​matthew-dean)
• #4407 Fix #4331 Exclude CSS at-rule keywords from declarationCall parsing (@​matthew-dean)
• #4389 Fix #4354 Unknown at-rule expression commas (@​puckowski)
• #4404 Fix no-prototype-builtins issues in Ruleset and ToCSSVisitor (@​matthew-dean)
• #4236 Fix import subpath module bug (@​nicolo-ribaudo)
• #4327 Remove duplicate length check from expression.genCSS() (@​nicolo-ribaudo)
• #3791 Handle the lack of optional dependencies (@​nicolo-ribaudo)

Features & Improvements

• #4413 Add JSDoc type annotations for all tree node files (@​matthew-dean)
• #4412 Convert prototype-based tree nodes to ES6 classes (@​matthew-dean)
• #4411 Migrate to native ESM with no build step (@​matthew-dean)
• #4410 Optimize hot paths and fix benchmark infrastructure (@​matthew-dean)
• #4409 Code quality cleanup for container queries and related code (@​matthew-dean)

Deprecation Warnings

• #4402 Add deprecation warnings for features removed in Less 5.x, container query variable name fix, deprecation notice fix (@​matthew-dean, @​puckowski)

Chores

• #4406 Add test for number with underscore parsing (@​matthew-dean)
• #4386 Update README.md copyright (@​matthew-dean)
• #3782 Remove phantom stuff (@​nicolo-ribaudo)
• #3702 Replace deprecated String.prototype.substr() (@​nicolo-ribaudo)
• #4265 Remove redundant return from parsers.blockRuleset() (@​nicolo-ribaudo)
• #4271 Remove unused parsers.entities.propertyCurly() (@​nicolo-ribaudo)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	less@​4.5.1 ⏵ 4.6.4	+1		+16	+10

View full report