Skip to content

[security](deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.3.0#170

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tailwindcss/vite-4.3.0
Open

[security](deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.3.0#170
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tailwindcss/vite-4.3.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps @tailwindcss/vite from 4.1.18 to 4.3.0.

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.0

Added

  • Add @container-size utility (#18901)
  • Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
  • Add scrollbar-gutter-* utilities (#20018)
  • Add zoom-* utilities (#20020)
  • Add tab-* utilities (#20022)
  • Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
  • Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
  • Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

  • Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
  • Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
  • Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
  • Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
  • Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
  • Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))]w-[calc(100%-(--spacing(60)))]) (#19986)
  • Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in]mt-[-20in], not mt-[-1920px]) (#19988)
  • Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
  • Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1"style="flex-grow: 1", not style="grow: 1") (#19918)
  • Allow multiple @utility definitions with the same name but different value types (#19777)
  • Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
  • Ensure start and end legacy utilities without values do not generate CSS (#20003)
  • Ensure --value(…) is required in functional @utility definitions (#20005)
  • Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

v4.2.4

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

v4.2.3

Fixed

  • Canonicalization: improve canonicalizations for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)
  • Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (#19846)
  • Upgrade: use config.content when migrating from Tailwind CSS v3 to Tailwind CSS v4 (#19846)
  • Upgrade: never migrate files that are ignored by git (#19846)

... (truncated)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.0] - 2026-05-08

Added

  • Add @container-size utility (#18901)
  • Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
  • Add scrollbar-gutter-* utilities (#20018)
  • Add zoom-* utilities (#20020)
  • Add tab-* utilities (#20022)
  • Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
  • Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
  • Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

  • Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
  • Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
  • Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
  • Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
  • Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
  • Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))]w-[calc(100%-(--spacing(60)))]) (#19986)
  • Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in]mt-[-20in], not mt-[-1920px]) (#19988)
  • Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
  • Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1"style="flex-grow: 1", not style="grow: 1") (#19918)
  • Allow multiple @utility definitions with the same name but different value types (#19777)
  • Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
  • Ensure start and end legacy utilities without values do not generate CSS (#20003)
  • Ensure --value(…) is required in functional @utility definitions (#20005)
  • Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

[4.2.4] - 2026-04-21

Fixed

  • Ensure imports in @import and @plugin still resolve correctly when using Vite aliases in @tailwindcss/vite (#19947)

[4.2.3] - 2026-04-20

Fixed

  • Canonicalization: improve canonicalization for tracking-* utilities by preferring non-negative utilities (e.g. -tracking-tightertracking-wider) (#19827)
  • Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (#19829)
  • Ensure query params in imports are considered unique resources when using @tailwindcss/webpack (#19723)
  • Canonicalization: collapse arbitrary values into shorthand utilities (e.g. px-[1.2rem] py-[1.2rem]p-[1.2rem]) (#19837)
  • Canonicalization: collapse border-{t,b}-* into border-y-*, border-{l,r}-* into border-x-*, and border-{t,r,b,l}-* into border-* (#19842)
  • Canonicalization: collapse scroll-m{t,b}-* into scroll-my-*, scroll-m{l,r}-* into scroll-mx-*, and scroll-m{t,r,b,l}-* into scroll-m-* (#19842)
  • Canonicalization: collapse scroll-p{t,b}-* into scroll-py-*, scroll-p{l,r}-* into scroll-px-*, and scroll-p{t,r,b,l}-* into scroll-p-* (#19842)
  • Canonicalization: collapse overflow-{x,y}-* into overflow-* (#19842)
  • Canonicalization: collapse overscroll-{x,y}-* into overscroll-* (#19842)
  • Read from --placeholder-color instead of --background-color for placeholder-* utilities (#19843)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/vite since your current version.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 11, 2026

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Dependency updates label May 11, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 11, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​tailwindcss/​vite@​4.3.01001009098100

View full report

chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b23b0907bf

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread platforms/web/apps/web/package.json
},
"devDependencies": {
"@tailwindcss/vite": "4.1.18",
"@tailwindcss/vite": "4.3.0",
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Update FORJAMIE for Tailwind tooling bump

This bumps @tailwindcss/vite for the web build surface, which is a tooling/config change. The root AGENTS.md hard rule says any commit that changes behavior, config, or tooling must update FORJAMIE.md in the same changeset and add a Recent Changes entry; this commit only changes package manifests and the lockfile, so the project memory is now missing the Tailwind/Vite tooling update developers are expected to rely on.

Useful? React with 👍 / 👎.

@dependabot
[security](deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.3.0
0acbf96 
Bumps [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) from 4.1.18 to 4.3.0.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-vite)

---
updated-dependencies:
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title [security](deps-dev): Bump @tailwindcss/vite from 4.1.18 to 4.3.0 [security](deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.3.0 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/tailwindcss/vite-4.3.0 branch from b23b090 to 0acbf96 Compare May 18, 2026 16:00
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0acbf966dc

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread platforms/web/apps/web/package.json
},
"devDependencies": {
"@tailwindcss/vite": "4.1.18",
"@tailwindcss/vite": "4.3.0",
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot May 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Keep Tailwind packages on the same version

Bumping only @tailwindcss/vite leaves this package's direct tailwindcss dependency pinned to 4.1.18, so this workspace now installs two Tailwind compiler versions: the Vite plugin depends on tailwindcss: 4.3.0 in pnpm-lock.yaml, while local imports such as tailwind.config.ts and @import "tailwindcss" still resolve the direct 4.1.18 dependency. The same split was introduced in packages/widgets and Storybook, which can make generated CSS/types depend on which entry point is used; update the direct tailwindcss pins alongside the plugin bump.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

dependencies Dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants