Skip to content

chore(deps-dev): bump tailwindcss from 3.4.17 to 4.1.18#657

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tailwindcss-4.1.18
Open

chore(deps-dev): bump tailwindcss from 3.4.17 to 4.1.18#657
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/tailwindcss-4.1.18

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 7, 2026
edited
Loading

Bumps tailwindcss from 3.4.17 to 4.1.18.

Release notes

Sourced from tailwindcss's releases.

v4.1.18

Fixed

  • Ensure validation of source(…) happens relative to the file it is in (#19274)
  • Include filename and line numbers in CSS parse errors (#19282)
  • Skip comments in Ruby files when checking for class names (#19243)
  • Skip over arbitrary property utilities with a top-level ! in the value (#19243)
  • Support environment API in @tailwindcss/vite (#18970)
  • Preserve case of theme keys from JS configs and plugins (#19337)
  • Write source maps correctly on the CLI when using --watch (#19373)
  • Handle special defaults (like ringColor.DEFAULT) in JS configs (#19348)
  • Improve backwards compatibility for content theme key from JS configs (#19381)
  • Upgrade: Handle future and experimental config keys (#19344)
  • Try to canonicalize any arbitrary utility to a bare value (#19379)
  • Validate candidates similarly to Oxide (#19397)
  • Canonicalization: combine text-* and leading-* classes (#19396)
  • Correctly handle duplicate CLI arguments (#19416)
  • Don’t emit color-mix fallback rules inside @keyframes (#19419)
  • CLI: Don't hang when output is /dev/stdout (#19421)

v4.1.17

Fixed

  • Substitute @variant inside legacy JS APIs (#19263)
  • Prevent occasional crash on Windows when loaded into a worker thread (#19242)

v4.1.16

Fixed

  • Discard candidates with an empty data type (#19172)
  • Fix canonicalization of arbitrary variants with attribute selectors (#19176)
  • Fix invalid colors due to nested & (#19184)
  • Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

v4.1.15

Fixed

  • Fix Safari devtools rendering issue due to color-mix fallback (#19069)
  • Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
  • Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)
  • Allow named groups in combination with not-*, has-*, and in-* (#19100)
  • Prevent important utilities from affecting other utilities (#19110)
  • Don’t index into strings with the theme(…) function (#19111)
  • Fix parsing issue when \t is used in at-rules (#19130)
  • Upgrade: Canonicalize utilities containing 0 values (#19095)
  • Upgrade: Migrate deprecated break-words to wrap-break-word (#19157)

Changed

  • Remove the postinstall script from oxide (#19149)

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[4.1.18] - 2025-12-11

Fixed

  • Ensure validation of source(…) happens relative to the file it is in (#19274)
  • Include filename and line numbers in CSS parse errors (#19282)
  • Skip comments in Ruby files when checking for class names (#19243)
  • Skip over arbitrary property utilities with a top-level ! in the value (#19243)
  • Support environment API in @tailwindcss/vite (#18970)
  • Preserve case of theme keys from JS configs and plugins (#19337)
  • Write source maps correctly on the CLI when using --watch (#19373)
  • Handle special defaults (like ringColor.DEFAULT) in JS configs (#19348)
  • Improve backwards compatibility for content theme key from JS configs (#19381)
  • Upgrade: Handle future and experimental config keys (#19344)
  • Try to canonicalize any arbitrary utility to a bare value (#19379)
  • Validate candidates similarly to Oxide (#19397)
  • Canonicalization: combine text-* and leading-* classes (#19396)
  • Correctly handle duplicate CLI arguments (#19416)
  • Don’t emit color-mix fallback rules inside @keyframes (#19419)
  • CLI: Don't hang when output is /dev/stdout (#19421)

[3.4.19] - 2025-12-10

Fixed

  • Don’t break sibling-*() functions when used inside calc(…) (#19335)

[4.1.17] - 2025-11-06

Fixed

  • Substitute @variant inside legacy JS APIs (#19263)
  • Prevent occasional crash on Windows when loaded into a worker thread (#19242)

[4.1.16] - 2025-10-23

Fixed

  • Discard candidates with an empty data type (#19172)
  • Fix canonicalization of arbitrary variants with attribute selectors (#19176)
  • Fix invalid colors due to nested & (#19184)
  • Improve canonicalization for & > :pseudo and & :pseudo arbitrary variants (#19178)

[4.1.15] - 2025-10-20

Fixed

  • Fix Safari devtools rendering issue due to color-mix fallback (#19069)
  • Suppress Lightning CSS warnings about :deep, :slotted, and :global (#19094)
  • Fix resolving theme keys when starting with the name of another theme key in JS configs and plugins (#19097)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Upgrades the build toolchain to Tailwind CSS v4.

  • Bumps tailwindcss in package.json from 3.4.17 to 4.1.18
  • Regenerates package-lock.json with updated transitive packages (e.g., postcss-*, resolve, sucrase, @jridgewell/*, etc.), engine ranges, and license metadata
  • No source code changes

Written by Cursor Bugbot for commit f1dedc8. This will update automatically on new commits. Configure here.

@dependabot dependabot bot added dependencies Pull requests to update dependency files, ensuring packages and libraries are up-to-date javascript Pull requests updating JavaScript code, affecting front-end functionalities and scripts labels Jan 7, 2026
@dependabot dependabot bot mentioned this pull request Jan 7, 2026
Closed
cursor[bot]
cursor bot reviewed Jan 7, 2026
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR is being reviewed by Cursor Bugbot

Details

Your team is on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle for each member of your team.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

package.json
"stylelint-order": "6.0.4",
"stylelint-prettier": "5.0.3",
"tailwindcss": "3.4.17",
"tailwindcss": "4.1.18",
Copy link

@cursor cursor bot Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tailwind v4 breaks v3 CSS import syntax

High Severity

Upgrading tailwindcss from v3.4.17 to v4.1.18 breaks the build because the project's CSS file (resources/css/site.css) uses v3-style imports: @import url('tailwindcss/base'), @import url('tailwindcss/components'), and @import url('tailwindcss/utilities'). These individual module paths don't exist in Tailwind v4, which uses a completely different CSS-first architecture requiring @import "tailwindcss" instead. The CSS build will fail with module resolution errors.

Fix in Cursor Fix in Web

package.json
"stylelint-order": "6.0.4",
"stylelint-prettier": "5.0.3",
"tailwindcss": "3.4.17",
"tailwindcss": "4.1.18",
Copy link

@cursor cursor bot Jan 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PostCSS config uses v3-only plugin paths

High Severity

The project's postcss.config.js configures tailwindcss: {} and 'tailwindcss/nesting': {} as PostCSS plugins, but Tailwind v4 doesn't export PostCSS plugins from the main package. In v4, you need the separate @tailwindcss/postcss package for PostCSS integration, and the tailwindcss/nesting export doesn't exist. The PostCSS build will fail with a "cannot find module" error when loading these plugins.

Fix in Cursor Fix in Web

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss-4.1.18 branch 3 times, most recently from f1dedc8 to d3d9f77 Compare January 7, 2026 19:19
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss-4.1.18 branch from d3d9f77 to 3a33f7d Compare January 19, 2026 20:42
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss-4.1.18 branch from 3a33f7d to dfac1b3 Compare January 26, 2026 20:54
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss-4.1.18 branch from dfac1b3 to 78a6698 Compare February 3, 2026 01:20
@dependabot
chore(deps-dev): bump tailwindcss from 3.4.17 to 4.1.18
caca60a 
Bumps [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) from 3.4.17 to 4.1.18.
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.18/packages/tailwindcss)

---
updated-dependencies:
- dependency-name: tailwindcss
  dependency-version: 4.1.18
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tailwindcss-4.1.18 branch from 78a6698 to caca60a Compare February 6, 2026 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 0 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests to update dependency files, ensuring packages and libraries are up-to-date javascript Pull requests updating JavaScript code, affecting front-end functionalities and scripts

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants